Mail Archives: cygwin/2018/05/29/21:04:35

delorie.com/archives/browse.cgi

search

Mail Archives: cygwin/2018/05/29/21:04:35

X-Recipient: archive-cygwin AT delorie DOT com

DomainKey-Signature: a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:from:to:subject:date:message-id:references

:in-reply-to:mime-version:content-type

:content-transfer-encoding; q=dns; s=default; b=nzcc1wFaCx7/IhaT

Mm816OsOTHQhj1j07JOXxoqJzUuBESFWfnjpH1nn0X7ILxIYRvnd4IuSELHxR5vH

TQ088ubxRQ76aW8mPqhAS3xmKeziWmLXRGb0eiO1DbDTVig5ePhwy2rO4A0b06p5

1ErPpdzJEu3cncjz0TCqFcxiMhE=

DKIM-Signature: v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id

:list-unsubscribe:list-subscribe:list-archive:list-post

:list-help:sender:from:to:subject:date:message-id:references

:in-reply-to:mime-version:content-type

:content-transfer-encoding; s=default; bh=7JkXcsmqroGFYOSQkgOhy3

Us6kY=; b=M+b68PQ7+UJWoOn9wPGXFdaGvKwoaCtlwfMUPglA6/b/SI8WQ3AWkU

hhyz3QcIqO/Aha0zUnM/24+3hxFGTQnh93FaWHvRsggVPpNLZHHshuMWmX6Jq/Gd

7Z8jQWE1B2rzGZ1fCCnqTW2guZ1S4lN1DoJ2o1x5WFUBzESdLeDpw=

Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm

List-Id: <cygwin.cygwin.com>

List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>

List-Archive: <http://sourceware.org/ml/cygwin/>

List-Post: <mailto:cygwin AT cygwin DOT com>

List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>

Sender: cygwin-owner AT cygwin DOT com

Mail-Followup-To: cygwin AT cygwin DOT com

Delivered-To: mailing list cygwin AT cygwin DOT com

Authentication-Results: sourceware.org; auth=none

X-Virus-Found: No

X-Spam-SWARE-Status: No, score=-6.5 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2,MIME_BASE64_BLANKS autolearn=ham version=3.3.2 spammy=

X-HELO: us-smtp-delivery-1.mimecast.com

From: Ken Harris <Ken DOT Harris AT mathworks DOT com>

To: "cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>

Subject: RE: winsup\cygwin\path.cc issues

Date: Wed, 30 May 2018 01:04:10 +0000

Message-ID: <BN6PR05MB344488E0136690B749EB18038A6C0@BN6PR05MB3444.namprd05.prod.outlook.com>

References: <DM2PR0501MB1358382033C52CD40E92634F8A860 AT DM2PR0501MB1358 DOT namprd05 DOT prod DOT outlook DOT com> <20180529163141 DOT GI3501 AT calimero DOT vinschen DOT de>

In-Reply-To: <20180529163141.GI3501@calimero.vinschen.de>

x-ms-publictraffictype: Email

x-microsoft-exchange-diagnostics: 1;BN6PR05MB2833;7:o1ylgFjJg4vdj4m5Q5LiMOF5Usnq2EjAVOPzkFbCIdHZLi6WzcR/dOrtEobwkzhAYZJWxp4ujFBCpYU3fjGdZMBRFisczafLr+hMvfZZmj4WHwUYU0J1hBJQpy8fs1KFW8EDXYOyKJvd08iw7idCEh0iR0WJY2yLGDrRRZgLalHbxCjS6NLgvaj5NORAyd5GcRB/uDxigfxqeJCeZoDGqCbu7npbc5jGv+dLuNjANuCOC9ItkRjefH0T7S4H89ls

x-ms-exchange-antispam-srfa-diagnostics: SOS;

x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020);SRVR:BN6PR05MB2833;

x-ms-traffictypediagnostic: BN6PR05MB2833:

x-microsoft-antispam-prvs: <BN6PR05MB2833E77E210625F8C28CF4348A6C0 AT BN6PR05MB2833 DOT namprd05 DOT prod DOT outlook DOT com>

x-exchange-antispam-report-test: UriScan:(159968658992688);

x-ms-exchange-senderadcheck: 1

x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(6040522)(2401047)(5005006)(8121501046)(10201501046)(93006095)(93001095)(3231254)(944501410)(52105095)(3002001)(149027)(150027)(6041310)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123564045)(20161123562045)(6072148)(201708071742011)(7699016);SRVR:BN6PR05MB2833;BCL:0;PCL:0;RULEID:;SRVR:BN6PR05MB2833;

x-forefront-prvs: 0688BF9B46

x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(396003)(346002)(39850400004)(366004)(376002)(39380400002)(189003)(199004)(43234003)(13464003)(186003)(3280700002)(55016002)(476003)(486006)(25786009)(102836004)(5640700003)(74316002)(6436002)(305945005)(6506007)(66066001)(14454004)(11346002)(7736002)(6246003)(26005)(86362001)(446003)(68736007)(53936002)(5660300001)(76176011)(7696005)(9686003)(229853002)(6306002)(105586002)(53546011)(2351001)(72206003)(33656002)(81166006)(81156014)(6116002)(2900100001)(106356001)(2906002)(966005)(3846002)(478600001)(6916009)(316002)(8936002)(5250100002)(97736004)(5890100001)(3660700001)(8676002)(99286004)(2501003)(1730700003);DIR:OUT;SFP:1101;SCL:1;SRVR:BN6PR05MB2833;H:BN6PR05MB3444.namprd05.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1;

x-microsoft-antispam-message-info: 1x3l1IgqE2EyDBD6hKJXv4dsvKSvdxaT0KjNbyMwTEeTJlS25inLbzkw6SXdbXp8hln8mlI0mevSZXi4ZIZNaO6FEVOwIGpUM/vuyEzSvbL901i+MbfvjzT4/f72dEWXOyHJquMBhIeyF130TbY2IK0PDerOh1k1a5mTx5GINDWfCE3JGr+AGAAsFbudv0wA

spamdiagnosticoutput: 1:99

spamdiagnosticmetadata: NSPM

MIME-Version: 1.0

X-MS-Office365-Filtering-Correlation-Id: ced69490-e264-442c-cb36-08d5c5c940d3

X-OriginatorOrg: mathworks.com

X-MS-Exchange-CrossTenant-Network-Message-Id: ced69490-e264-442c-cb36-08d5c5c940d3

X-MS-Exchange-CrossTenant-originalarrivaltime: 30 May 2018 01:04:10.8212 (UTC)

X-MS-Exchange-CrossTenant-fromentityheader: Hosted

X-MS-Exchange-CrossTenant-id: 99dd3a11-4348-4468-9bdd-e5072b1dc1e6

X-MS-Exchange-Transport-CrossTenantHeadersStamped: BN6PR05MB2833

X-MC-Unique: 0Bz4QyB_OV2GFD4L5-Mk_A-1

X-MIME-Autoconverted: from base64 to 8bit by delorie.com id w4U14XHm022495

Thank you so much, Corinna: So far - it looks great. I'll roll your patch into our MSYS2 build which will exercise it about as widely as we possibly can. If I see anything amiss, I'll track it down, and if I can repro in Cygwin alone, I'll report back. 
Again, Thanks!
-Ken

-----Original Message-----
From: Corinna Vinschen [mailto:corinna-cygwin AT cygwin DOT com] 
Sent: Tuesday, May 29, 2018 12:32 PM
To: cygwin AT cygwin DOT com
Cc: Ken Harris <Ken DOT Harris AT mathworks DOT com>
Subject: Re: winsup\cygwin\path.cc issues

Hi Ken,

On May  4 01:23, Ken Harris wrote:
> Hi Marco: Sorry for not replying to the original exchange we had. I 
> wasn't subscribed to the list but now I am so it won't happen again 
> (so I'm quoting our exchange below).
>                 
>                 I installed and built cygwin1.dll with an added assert
>                 in path.cc to identify when the buffer underrun
>                 condition I originally described occurs:
> 
> $ diff -b
> ./cygwin-2.10.0-1.src/newlib-cygwin/winsup/cygwin/path.cc.ORIG
> ./cygwin-2.10.0-1.src/newlib-cygwin/winsup/cygwin/path.cc 2803c2803 < 
> ; ---
> >                   assert(p >= path);
> 
>                 Thus, a simple:
> 
>                 cat '\A../../../B'
> 
>                 will result in the assert firing:
> 
> kharris AT ah-kharris /usr/src $ cat '\A../../../B' assertion "p >= path"
> failed: file "../../.././winsup/cygwin/path.cc", line 2803, function:
> int symlink_info::check(char*, const suffix_info*, fs_info&,
> path_conv_handle&) Aborted (core dumped)
> 
> Attached is a patch (in addition to the added assert) with what I
> *think* might really fix the problem. This was where the expected 
> backslash got squashed which allowed symlink_info::check() to go 
> "negative" with its 'p' pointer and look for a backslash in someone 
> else's memory.

Thanks for your preliminary work, but as far as I can see this isn't the entire solution.  The same problem occurs if your CWD is the root of a drive, e.g., C:\, and you call cat A../../../B.  Even simpler, try `cat 'C:\A../../../B''

The reason is that the code in normalize_win32_path never actually ignores drive prefixes.  There's an implicit (and oh so wrong) assumption that any path starts with a slash or backslash one way or the other.
It's pretty weird that it took so long to find this blatant problem.

I applied a patch which hopefully fixes this problem in all code paths:
https://sourceware.org/git/?p=newlib-cygwin.git;a=commitdiff;h=35998fc2fa6c

I also left your assertion in the code for now as an additional patch https://sourceware.org/git/?p=newlib-cygwin.git;a=commitdiff;h=7d00a5e320db
just to be sure, but I will take this out again before a release.

I uploaded new developer snapshots to https://cygwin.com/snapshots/
containing the above patches.  Please give them a try.


Thanks,
Corinna

-- 
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple

- Raw text -

webmaster	delorie software privacy
Copyright � 2019 by DJ Delorie	Updated Jul 2019

X-Recipient:	archive-cygwin AT delorie DOT com
DomainKey-Signature:	a=rsa-sha1; c=nofws; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:date:message-id:references
	:in-reply-to:mime-version:content-type
	:content-transfer-encoding; q=dns; s=default; b=nzcc1wFaCx7/IhaT
	Mm816OsOTHQhj1j07JOXxoqJzUuBESFWfnjpH1nn0X7ILxIYRvnd4IuSELHxR5vH
	TQ088ubxRQ76aW8mPqhAS3xmKeziWmLXRGb0eiO1DbDTVig5ePhwy2rO4A0b06p5
	1ErPpdzJEu3cncjz0TCqFcxiMhE=
DKIM-Signature:	v=1; a=rsa-sha1; c=relaxed; d=sourceware.org; h=list-id
	:list-unsubscribe:list-subscribe:list-archive:list-post
	:list-help:sender:from:to:subject:date:message-id:references
	:in-reply-to:mime-version:content-type
	:content-transfer-encoding; s=default; bh=7JkXcsmqroGFYOSQkgOhy3
	Us6kY=; b=M+b68PQ7+UJWoOn9wPGXFdaGvKwoaCtlwfMUPglA6/b/SI8WQ3AWkU
	hhyz3QcIqO/Aha0zUnM/24+3hxFGTQnh93FaWHvRsggVPpNLZHHshuMWmX6Jq/Gd
	7Z8jQWE1B2rzGZ1fCCnqTW2guZ1S4lN1DoJ2o1x5WFUBzESdLeDpw=
Mailing-List:	contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Id:	<cygwin.cygwin.com>
List-Subscribe:	<mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive:	<http://sourceware.org/ml/cygwin/>
List-Post:	<mailto:cygwin AT cygwin DOT com>
List-Help:	<mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender:	cygwin-owner AT cygwin DOT com
Mail-Followup-To:	cygwin AT cygwin DOT com
Delivered-To:	mailing list cygwin AT cygwin DOT com
Authentication-Results:	sourceware.org; auth=none
X-Virus-Found:	No
X-Spam-SWARE-Status:	No, score=-6.5 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2,MIME_BASE64_BLANKS autolearn=ham version=3.3.2 spammy=
X-HELO:	us-smtp-delivery-1.mimecast.com
From:	Ken Harris <Ken DOT Harris AT mathworks DOT com>
To:	"cygwin AT cygwin DOT com" <cygwin AT cygwin DOT com>
Subject:	RE: winsup\cygwin\path.cc issues
Date:	Wed, 30 May 2018 01:04:10 +0000
Message-ID:	<BN6PR05MB344488E0136690B749EB18038A6C0@BN6PR05MB3444.namprd05.prod.outlook.com>
References:	<DM2PR0501MB1358382033C52CD40E92634F8A860 AT DM2PR0501MB1358 DOT namprd05 DOT prod DOT outlook DOT com> <20180529163141 DOT GI3501 AT calimero DOT vinschen DOT de>
In-Reply-To:	<20180529163141.GI3501@calimero.vinschen.de>
x-ms-publictraffictype:	Email
x-microsoft-exchange-diagnostics:	1;BN6PR05MB2833;7:o1ylgFjJg4vdj4m5Q5LiMOF5Usnq2EjAVOPzkFbCIdHZLi6WzcR/dOrtEobwkzhAYZJWxp4ujFBCpYU3fjGdZMBRFisczafLr+hMvfZZmj4WHwUYU0J1hBJQpy8fs1KFW8EDXYOyKJvd08iw7idCEh0iR0WJY2yLGDrRRZgLalHbxCjS6NLgvaj5NORAyd5GcRB/uDxigfxqeJCeZoDGqCbu7npbc5jGv+dLuNjANuCOC9ItkRjefH0T7S4H89ls
x-ms-exchange-antispam-srfa-diagnostics:	SOS;
x-microsoft-antispam:	UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(7193020);SRVR:BN6PR05MB2833;
x-ms-traffictypediagnostic:	BN6PR05MB2833:
x-microsoft-antispam-prvs:	<BN6PR05MB2833E77E210625F8C28CF4348A6C0 AT BN6PR05MB2833 DOT namprd05 DOT prod DOT outlook DOT com>
x-exchange-antispam-report-test:	UriScan:(159968658992688);
x-ms-exchange-senderadcheck:	1
x-exchange-antispam-report-cfa-test:	BCL:0;PCL:0;RULEID:(6040522)(2401047)(5005006)(8121501046)(10201501046)(93006095)(93001095)(3231254)(944501410)(52105095)(3002001)(149027)(150027)(6041310)(20161123558120)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123560045)(20161123564045)(20161123562045)(6072148)(201708071742011)(7699016);SRVR:BN6PR05MB2833;BCL:0;PCL:0;RULEID:;SRVR:BN6PR05MB2833;
x-forefront-prvs:	0688BF9B46
x-forefront-antispam-report:	SFV:NSPM;SFS:(10009020)(396003)(346002)(39850400004)(366004)(376002)(39380400002)(189003)(199004)(43234003)(13464003)(186003)(3280700002)(55016002)(476003)(486006)(25786009)(102836004)(5640700003)(74316002)(6436002)(305945005)(6506007)(66066001)(14454004)(11346002)(7736002)(6246003)(26005)(86362001)(446003)(68736007)(53936002)(5660300001)(76176011)(7696005)(9686003)(229853002)(6306002)(105586002)(53546011)(2351001)(72206003)(33656002)(81166006)(81156014)(6116002)(2900100001)(106356001)(2906002)(966005)(3846002)(478600001)(6916009)(316002)(8936002)(5250100002)(97736004)(5890100001)(3660700001)(8676002)(99286004)(2501003)(1730700003);DIR:OUT;SFP:1101;SCL:1;SRVR:BN6PR05MB2833;H:BN6PR05MB3444.namprd05.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;MX:1;A:1;
x-microsoft-antispam-message-info:	1x3l1IgqE2EyDBD6hKJXv4dsvKSvdxaT0KjNbyMwTEeTJlS25inLbzkw6SXdbXp8hln8mlI0mevSZXi4ZIZNaO6FEVOwIGpUM/vuyEzSvbL901i+MbfvjzT4/f72dEWXOyHJquMBhIeyF130TbY2IK0PDerOh1k1a5mTx5GINDWfCE3JGr+AGAAsFbudv0wA
spamdiagnosticoutput:	1:99
spamdiagnosticmetadata:	NSPM
MIME-Version:	1.0
X-MS-Office365-Filtering-Correlation-Id:	ced69490-e264-442c-cb36-08d5c5c940d3
X-OriginatorOrg:	mathworks.com
X-MS-Exchange-CrossTenant-Network-Message-Id:	ced69490-e264-442c-cb36-08d5c5c940d3
X-MS-Exchange-CrossTenant-originalarrivaltime:	30 May 2018 01:04:10.8212 (UTC)
X-MS-Exchange-CrossTenant-fromentityheader:	Hosted
X-MS-Exchange-CrossTenant-id:	99dd3a11-4348-4468-9bdd-e5072b1dc1e6
X-MS-Exchange-Transport-CrossTenantHeadersStamped:	BN6PR05MB2833
X-MC-Unique:	0Bz4QyB_OV2GFD4L5-Mk_A-1
X-MIME-Autoconverted:	from base64 to 8bit by delorie.com id w4U14XHm022495