| delorie.com/archives/browse.cgi | search |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DomainKey-Signature: | a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:from:to:subject:date:message-id:mime-version | |
| :content-type; q=dns; s=default; b=xcN+xXqTYPGhG7GBcLvLcRReOfU4E | |
| U220OxE7lZV9zGGtwHY+NaAp/n/Bo1wvXf6giwLBa3S9AmVuWHfYflbKnjaRb4nQ | |
| 22VEL7zVazHRMCkJcKxrTP2AImf1UeWZdDwWQ1raphgdFF4mULZhgpfrya8G64C0 | |
| aDHrZUY3xVMBho= | |
| DKIM-Signature: | v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id |
| :list-unsubscribe:list-subscribe:list-archive:list-post | |
| :list-help:sender:from:to:subject:date:message-id:mime-version | |
| :content-type; s=default; bh=tCa5c4ZzIo6uVgEQ+CfgfZd4nQQ=; b=bkw | |
| RcoWnH5wWIfAR3uvWzoH3zY6RoH7rNjPc/vMWQPHIyyNg+crhZKc2RdgjesQCVvG | |
| PhQWP2XSypUhy7y7wClamP7anvuYo6sTTRSSaJhBYAKUIVL9zietMHNw8KXWY887 | |
| G5ntoLPiDBMVR30QmYCMH4iNOuTg4ExG49ZLeULg= | |
| Mailing-List: | contact cygwin-help AT cygwin DOT com; run by ezmlm |
| List-Id: | <cygwin.cygwin.com> |
| List-Subscribe: | <mailto:cygwin-subscribe AT cygwin DOT com> |
| List-Archive: | <http://sourceware.org/ml/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs> |
| Sender: | cygwin-owner AT cygwin DOT com |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| Delivered-To: | mailing list cygwin AT cygwin DOT com |
| X-Spam-SWARE-Status: | No, score=0.3 required=5.0 tests=AWL,BAYES_50,RCVD_VIA_APNIC,RP_MATCHES_RCVD,SPF_HELO_PASS autolearn=ham version=3.3.1 |
| From: | Fedin Pavel <p DOT fedin AT samsung DOT com> |
| To: | cygwin AT cygwin DOT com |
| Subject: | [PATCH] Check for existence of the path before processing '..' |
| Date: | Tue, 11 Jun 2013 17:08:13 +0400 |
| Message-id: | <001401ce66a4$bb9029a0$32b07ce0$%fedin@samsung.com> |
| MIME-version: | 1.0 |
| X-Virus-Found: | No |
------=_NextPart_000_0015_01CE66C6.42A1C9A0
Content-Type: text/plain;
charset="us-ascii"
Content-Transfer-Encoding: 7bit
Hello!
Some time ago i reported ability to access things like
"/usr/nonexistent/..bin". I still had this problem and i tried my hands on
fixing it.
The patch works by checking the actual existence of the path before
removing the last component from it. For performance reasons, only one check
is done for things like "../..". Because, obviously, if "/foo/bar/baz"
exists, then "/foo/bar" exists too. Also, the check is done only after some
components have been added to the path. So, for example, current directory
(obtained when processing relative paths), will not be checked.
I tried to add a similar test also to normalize_win32_path() function,
however this broke things like "cd /usr/src/..". For some reason, a POSIX
version of the path (but with reversed slashes) is passed to this routine
when expanding mount points, so, consequently, test for "\usr\src" using
GetFileType() fails.
I think it's ok, at least POSIX paths now behave in POSIX way. I have
tested against performance, there is some loss (~0.2 seconds), but only for
referencing '..'.
With this patch i am able to compile the latest version of glibc with no
problems.
Kind regards,
Pavel Fedin
Expert Engineer
Samsung Electronics Research center Russia
------=_NextPart_000_0015_01CE66C6.42A1C9A0
Content-Type: application/octet-stream;
name="cygwin-1.7.19-8-check-parent-path-before-double-dot.diff"
Content-Transfer-Encoding: quoted-printable
Content-Disposition: attachment;
filename="cygwin-1.7.19-8-check-parent-path-before-double-dot.diff"
diff -ru src.orig/winsup/cygwin/path.cc src/winsup/cygwin/path.cc=0A=
--- src.orig/winsup/cygwin/path.cc 2013-05-23 19:23:01.000000000 +0500=0A=
+++ src/winsup/cygwin/path.cc 2013-06-05 10:47:46.337297200 +0500=0A=
@@ -240,6 +240,7 @@=0A=
{=0A=
const char *in_src =3D src;=0A=
char *dst_start =3D dst;=0A=
+ bool check_parent =3D false;=0A=
syscall_printf ("src %s", src);=0A=
=20=0A=
if ((isdrive (src) && isdirsep (src[2])) || *src =3D=3D '\\')=0A=
@@ -275,7 +276,10 @@=0A=
goto win32_path;=0A=
/* Strip runs of /'s. */=0A=
if (!isslash (*src))=0A=
- *tail++ =3D *src++;=0A=
+ {=0A=
+ *tail++ =3D *src++;=0A=
+ check_parent =3D true;=0A=
+ }=0A=
else=0A=
{=0A=
while (*++src)=0A=
@@ -301,6 +305,22 @@=0A=
break;=0A=
else=0A=
{=0A=
+ /* According to POSIX semantics all elements of path must exist.=0A=
+ In order to follow it, we must validate our path before removing=0A=
+ the trailing component.=0A=
+ The trick with check_parent is needed for performance optimization,=
=0A=
+ in order not to verify paths which are already verified. For example=
=0A=
+ this prevents double check in case of foo/bar/../..=0A=
+ */=0A=
+ if (check_parent)=0A=
+ {=0A=
+ *tail =3D 0;=0A=
+ debug_printf ("checking %s before '..'", dst_start);=0A=
+ path_conv head (dst_start);=0A=
+ if (!head.isdir())=0A=
+ return ENOENT;=0A=
+ check_parent =3D false;=0A=
+ }=0A=
while (tail > dst_start && !isslash (*--tail))=0A=
continue;=0A=
src++;=0A=
------=_NextPart_000_0015_01CE66C6.42A1C9A0
Content-Type: text/plain; charset=us-ascii
--
Problem reports: http://cygwin.com/problems.html
FAQ: http://cygwin.com/faq/
Documentation: http://cygwin.com/docs.html
Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple
------=_NextPart_000_0015_01CE66C6.42A1C9A0--
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |