[PATCH] Buffer over-run fix for getusershell(3)
Corinna Vinschen
corinna-cygwin@cygwin.com
Mon May 19 08:31:00 GMT 2014
On May 18 20:12, David Stacey wrote:
> This is the first patch resulting from the Coverity Scan analysis of the
> Cygwin source code. The patch fixes Coverity ID 59932. Note that we don't
> have that many bugs in the Cygwin source code - that's just an ID that
> Coverity assigned to this issue. The patch is only a single line, so it
> falls into our definition of 'trivial'.
>
> getusershell(3) returns the next line from the '/etc/shells' file [1]. This
> contains a path to an executable, so it makes sense for 'buf' to contain
> PATH_MAX characters.
>
> Now, the definition of PATH_MAX is the maximum length of the path, including
> the null terminator [2]. So the for() loop should copy PATH_MAX-1
> characters, in order to allow for the null terminator.
>
> However, by copying PATH_MAX characters, there is a possible buffer over-run
> when the null terminator is applied. The patch (attached) corrects this.
>
> Change Log:
> 2014-05-18 David Stacey <...>
>
> * winsup/cygwin/syscalls.cc(getusershell) :
> Fixed theoretical buffer overrun of 'buf' that would occur if
> /etc/shells contained a line longer than 4095 characters.

Thanks, patch applied. Just your ChangeLog needs a bit of work. The
Cygwin dir has its own ChangeLog file so the path should be relative to
that:

  * syscalls.cc (getusershell): ...

Thanks,
Corinna
--
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
Red Hat
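
The off-by-one described in the quoted message, as an added example (not the Cygwin source and not the attached patch): a line reader that stores at most size-1 characters so the terminator always fits. BUF_SIZE, next_line and the sample input are constructed for illustration, with BUF_SIZE standing in for PATH_MAX.

```c
#include <stddef.h>
#include <stdio.h>
#include <string.h>

/* Added illustration, not Cygwin's getusershell(). BUF_SIZE stands in for
   PATH_MAX and is kept small so the boundary case is easy to exercise. */
#define BUF_SIZE 16

/* Copy the next line from *src into buf, which holds `size` bytes.
   At most size-1 characters are stored, so the terminator always fits.
   Returns the full length of the line (a result >= size means the copy
   was truncated), or -1 at end of input. */
static long next_line(const char **src, char *buf, size_t size)
{
    const char *p = *src;
    size_t stored = 0, len = 0;

    if (size == 0 || *p == '\0')
        return -1;
    for (; *p != '\0' && *p != '\n'; p++, len++) {
        if (stored < size - 1)   /* a bound of `size` here is the bug */
            buf[stored++] = *p;
    }
    buf[stored] = '\0';          /* stored <= size-1, so this is in bounds */
    if (*p == '\n')
        p++;
    *src = p;
    return (long)len;
}

/* Constructed sample input. The second line is exactly BUF_SIZE characters
   long: with a loop bound of `size`, the terminator would land on
   buf[BUF_SIZE], one byte past the end. */
static const char SAMPLE[] =
    "/bin/sh\n"
    "/usr/local/bin/x\n"
    "/bin/bash\n";

int main(void)
{
    const char *cur = SAMPLE;
    char buf[BUF_SIZE];
    long n;

    while ((n = next_line(&cur, buf, sizeof buf)) >= 0)
        printf("%-16s len=%ld%s\n", buf, n,
               (size_t)n >= sizeof buf ? " (truncated)" : "");
    return 0;
}
```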