[PATCH] fhandler_pipe: add sanity limit to handle loops
Ken Brown
kbrown@cornell.edu
Sun Dec 26 16:24:40 GMT 2021
On 12/26/2021 11:04 AM, Ken Brown wrote:
> On 12/26/2021 10:09 AM, Ken Brown wrote:
>> 1. For some processes, NtQueryInformationProcess(ProcessHandleInformation) can
>> return STATUS_SUCCESS with invalid handle information. See the comment
>> starting at line 5754, where it is shown how to detect this.
>
> If I'm right, the following patch should fix the problem:
>
> diff --git a/winsup/cygwin/fhandler_pipe.cc b/winsup/cygwin/fhandler_pipe.cc
> index ba6b70f55..4cef3e4ca 100644
> --- a/winsup/cygwin/fhandler_pipe.cc
> +++ b/winsup/cygwin/fhandler_pipe.cc
> @@ -1228,6 +1228,7 @@ fhandler_pipe::get_query_hdl_per_process (WCHAR *name,
> HeapAlloc (GetProcessHeap (), 0, nbytes);
> if (!phi)
> goto close_proc;
> + phi->NumberOfHandles = 0;
> status = NtQueryInformationProcess (proc, ProcessHandleInformation,
> phi, nbytes, &len);
> if (NT_SUCCESS (status))
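Review bot: The added `phi->NumberOfHandles = 0;` has no comment saying why the field is pre-set, and it only protects the count: the buffer comes from `HeapAlloc (GetProcessHeap (), 0, nbytes)`, so everything after the count is still uninitialized heap memory when NtQueryInformationProcess returns success without filling it in. Please add a one-line comment pointing at the "STATUS_SUCCESS with invalid handle information" case described above, and consider passing HEAP_ZERO_MEMORY to HeapAlloc instead, so the whole structure starts from a known state rather than one field.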
Actually, this first hunk should suffice.
> @@ -1238,6 +1239,11 @@ fhandler_pipe::get_query_hdl_per_process (WCHAR *name,
> while (n_handle < (1L<<20) && status == STATUS_INFO_LENGTH_MISMATCH);
> if (!NT_SUCCESS (status))
> goto close_proc;
> + if (phi->NumberOfHandles == 0)
> + {
> + HeapFree (GetProcessHeap (), 0, phi);
> + goto close_proc;
> + }
>
> for (ULONG j = 0; j < phi->NumberOfHandles; j++)
> {
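Review bot: The new `if (phi->NumberOfHandles == 0)` branch looks redundant with the loop that follows, since `for (ULONG j = 0; j < phi->NumberOfHandles; j++)` already runs zero times for a zero count. If it stays, please confirm that the HeapFree here matches what the code after the loop does with phi, because the `if (!NT_SUCCESS (status))` branch just above jumps to close_proc without a visible free. A check that would add protection is an upper bound: the loop trusts NumberOfHandles for indexing into a buffer of nbytes, so rejecting a count larger than the number of entries that fit in nbytes would cover a nonzero bogus value as well.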
>
> Jeremy, could you try this?
>
> Ken