[PATCH] Buffer over-run fix for getusershell(3)
Mon May 19 08:31:00 GMT 2014
On May 18 20:12, David Stacey wrote:
> This is the first patch resulting from the Coverity Scan analysis of the
> Cygwin source code. The patch fixes Coverity ID 59932. Note that we don't
> have that many bugs in the Cygwin source code - that's just an ID that
> Coverity assigned to this issue. The patch is only a single line, so it
> falls into our definition of 'trivial'.
> getusershell(3) returns the next line from the '/etc/shells' file . This
> contains a path to an executable, so it makes sense for 'buf' to contain
> PATH_MAX characters.
> Now, the definition of PATH_MAX is the maximum length of the path, including
> the null terminator . So the for() loop should copy PATH_MAX-1
> characters, in order to allow for the null terminator.
> However, by copying PATH_MAX characters, there is a possible buffer over-run
> when the null terminator is applied. The patch (attached) corrects this.
> Change Log:
> 2014-05-18 David Stacey <...>
> * winsup/cygwin/syscalls.cc(getusershell) :
> Fixed theoretical buffer overrun of 'buf' that would occur if
> /etc/shells contained a line longer than 4095 characters.
Thanks, patch applied. Just your ChangeLog needs a bit of work. The
Cygwin dir has its own ChangeLog file so the path should be relative to
* syscalls.cc (getusershell): ...
Corinna Vinschen Please, send mails regarding Cygwin to
Cygwin Maintainer cygwin AT cygwin DOT com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Size: 819 bytes
Desc: not available
More information about the Cygwin-patches