Mail Archives: cygwin/2003/01/01/12:06:21

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sources.redhat.com/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sources.redhat.com/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Wed, 1 Jan 2003 12:06:14 -0500
From: Christopher Faylor <cgf AT redhat DOT com>
To: cygwin AT cygwin DOT com
Subject: Re: Heads up: *possible* bug in cygwin
Message-ID: <20030101170613.GA19419@redhat.com>
Reply-To: cygwin AT cygwin DOT com
References: <20030101100510 DOT 5b5b7f3f DOT steven DOT obrien2 AT ntlworld DOT com>
Mime-Version: 1.0
In-Reply-To: <20030101100510.5b5b7f3f.steven.obrien2@ntlworld.com>
User-Agent: Mutt/1.5.1i

On Wed, Jan 01, 2003 at 10:05:10AM +0000, Steven O'Brien wrote:
>Hi
>I found a possible glib buffer overflow that is cygwin-specific (due to
>a bug in cygwin perhaps?) that I worked around when porting glib-1.2.10
>to cygwin. Maybe this is still a problem in glib-2.0.x
>
>In glib-1.2.10, gutils.c: g_get_any_init (void), the current user
>details are obtained from /etc/passwd. This code is called as part of
>glib initialisation, whether the app wants this data or not. It uses
>sysconf (_SC_GETPW_R_SIZE_MAX) to decide how much buffer to allocate for
>this data. But on cygwin this appears broken, and the call to getpwuid_r
>(getuid (), &pwd, buffer, bufsize, &pw) *may* overrun buffer, depending
>on the length of the line in /etc/passwd for the current user.

It's not broken.  It is not implemented.  If glib is incorrectly dealing
with a negative return from sysconf then, um, hmm...

cgf
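
Added example, not part of the original message and not glib or Cygwin code: one way a caller can size the getpwuid_r buffer when sysconf (_SC_GETPW_R_SIZE_MAX) returns -1, as discussed above. The names pw_initial_bufsize and lookup_user and both size constants are assumptions made for this illustration.

```c
#define _POSIX_C_SOURCE 200809L
#include <errno.h>
#include <pwd.h>
#include <stdlib.h>
#include <sys/types.h>
#include <unistd.h>

#define PW_FALLBACK_BUFSIZE 1024        /* assumed start size when sysconf gives no hint */
#define PW_MAX_BUFSIZE (1024L * 1024L)  /* assumed ceiling so growth is bounded */

/* Turn a sysconf(_SC_GETPW_R_SIZE_MAX) result into a usable size.
 * -1 means "no fixed limit" or "not implemented"; it must never be
 * passed on as an allocation or buffer length. */
size_t pw_initial_bufsize(long hint)
{
    if (hint <= 0 || hint > PW_MAX_BUFSIZE)
        return PW_FALLBACK_BUFSIZE;
    return (size_t)hint;
}

/* Look up uid. On success returns 0 and *out_buf owns the storage that
 * the strings in *pwd point into (caller frees it). Otherwise returns
 * ENOENT for "no such user" or the errno value from the failing call. */
int lookup_user(uid_t uid, struct passwd *pwd, char **out_buf)
{
    size_t size = pw_initial_bufsize(sysconf(_SC_GETPW_R_SIZE_MAX));
    char *buf = NULL;

    *out_buf = NULL;
    for (;;) {
        char *tmp = realloc(buf, size);
        if (tmp == NULL) { free(buf); return ENOMEM; }
        buf = tmp;

        struct passwd *result = NULL;
        int rc = getpwuid_r(uid, pwd, buf, size, &result);
        if (rc == 0 && result != NULL) { *out_buf = buf; return 0; }
        /* ERANGE: the entry did not fit, so grow and retry rather than
         * trusting the initial size hint. */
        if (rc == ERANGE && size < (size_t)PW_MAX_BUFSIZE) { size *= 2; continue; }
        free(buf);
        return rc != 0 ? rc : ENOENT;
    }
}
```

The size handed to getpwuid_r is always the size actually allocated, so a long passwd entry produces ERANGE and a retry instead of a write past the buffer.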

