This is the mail archive of the cygwin-patches mailing list for the Cygwin project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: [PATCH] Buffer over-run fix for getusershell(3)


On May 18 20:12, David Stacey wrote:
> This is the first patch resulting from the Coverity Scan analysis of the
> Cygwin source code. The patch fixes Coverity ID 59932. Note that we don't
> have that many bugs in the Cygwin source code - that's just an ID that
> Coverity assigned to this issue. The patch is only a single line, so it
> falls into our definition of 'trivial'.
> 
> getusershell(3) returns the next line from the '/etc/shells' file [1]. This
> contains a path to an executable, so it makes sense for 'buf' to contain
> PATH_MAX characters.
> 
> Now, the definition of PATH_MAX is the maximum length of the path, including
> the null terminator [2]. So the for() loop should copy PATH_MAX-1
> characters, in order to allow for the null terminator.
> 
> However, by copying PATH_MAX characters, there is a possible buffer over-run
> when the null terminator is applied. The patch (attached) corrects this.
> 
> Change Log:
> 2014-05-18  David Stacey  <...>
> 
>         * winsup/cygwin/syscalls.cc(getusershell) :
>         Fixed theoretical buffer overrun of 'buf' that would occur if
>         /etc/shells contained a line longer than 4095 characters.

Thanks, patch applied.  Just your ChangeLog needs a bit of work.  The
Cygwin dir has its own ChangeLog file so the path should be relative to
that:

	* syscalls.cc (getusershell): ...


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

Attachment: pgpc1chrXL2CY.pgp
Description: PGP signature


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]