| delorie.com/archives/browse.cgi | search |
| DMARC-Filter: | OpenDMARC Filter v1.4.2 delorie.com 50DEbJ712859778 |
| Authentication-Results: | delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com |
| Authentication-Results: | delorie.com; spf=pass smtp.mailfrom=cygwin.com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 delorie.com 50DEbJ712859778 |
| Authentication-Results: | delorie.com; |
| dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=Q172Id0P | |
| X-Recipient: | archive-cygwin AT delorie DOT com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org 6EFEE3857B8C |
| DKIM-Signature: | v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; |
| s=default; t=1736779038; | |
| bh=nFkp36iWTwINhuQRLNClpg0blumN6QgHAvcetskGyng=; | |
| h=Date:To:Subject:References:In-Reply-To:List-Id:List-Unsubscribe: | |
| List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: | |
| From; | |
| b=Q172Id0PY/p7Bh3xIaTkNKgcYxPG4oeG87fgjiA+Rb1FEELi2glbzLz03e8qFIFCQ | |
| 1qT8SANjCE9IuB2QvRJN7kKC0Shhwib47HuHOVV/UVXIZkEuhjx7M39gurrRBEKfpw | |
| LX3S9z91VJj7233H3ibPZ6j0vsDxY4jsB12ilW0o= | |
| X-Original-To: | cygwin AT cygwin DOT com |
| Delivered-To: | cygwin AT cygwin DOT com |
| DKIM-Filter: | OpenDKIM Filter v2.11.0 sourceware.org 0FC493858D21 |
| Date: | Mon, 13 Jan 2025 15:36:19 +0100 |
| To: | cygwin AT cygwin DOT com |
| Subject: | Re: Cygwin main function: vulnerable to wchar_t to char conversion |
| attacks or not? | |
| Message-ID: | <Z4Uk45VxvMaUfTWX@calimero.vinschen.de> |
| Mail-Followup-To: | cygwin AT cygwin DOT com |
| References: | <2bc465c57c4826ff6eebbd566a92346e AT kylheku DOT com> |
| <176904400 DOT 20250110103307 AT yandex DOT ru> | |
| <f1aa49a0-35c0-4df6-997e-33de5517adbc AT gmail DOT com> | |
| <58ddf2002fe1e33993102592eeb0c506 AT kylheku DOT com> | |
| MIME-Version: | 1.0 |
| In-Reply-To: | <58ddf2002fe1e33993102592eeb0c506@kylheku.com> |
| X-BeenThere: | cygwin AT cygwin DOT com |
| X-Mailman-Version: | 2.1.30 |
| List-Id: | General Cygwin discussions and problem reports <cygwin.cygwin.com> |
| List-Unsubscribe: | <https://cygwin.com/mailman/options/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=unsubscribe> | |
| List-Archive: | <https://cygwin.com/pipermail/cygwin/> |
| List-Post: | <mailto:cygwin AT cygwin DOT com> |
| List-Help: | <mailto:cygwin-request AT cygwin DOT com?subject=help> |
| List-Subscribe: | <https://cygwin.com/mailman/listinfo/cygwin>, |
| <mailto:cygwin-request AT cygwin DOT com?subject=subscribe> | |
| From: | Corinna Vinschen via Cygwin <cygwin AT cygwin DOT com> |
| Reply-To: | cygwin AT cygwin DOT com |
| Cc: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com> |
| Errors-To: | cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com |
| Sender: | "Cygwin" <cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com> |
On Jan 10 13:52, Kaz Kylheku via Cygwin wrote: > On 2025-01-09 23:52, Marco Atzeri wrote: > > On 10/01/2025 08:33, Andrey Repin via Cygwin wrote: > >> Greetings, Kaz Kylheku! > >> > >>> Hi all, > >> > >>> I'm reading an article on attacks that are evidently possible against some Windows > >>> programs in the area of command line parsing. See below. > >> > >>> Does the Cygwin run-time rely on GetCommandLineA to get the char-based command > >>> line that is parsed into argv[]? > >> > >> You can answer this question yourself. The code is open. > > > > Specifically on https://cygwin.com/git/newlib-cygwin.git > > > > /pub/Cygwin/git/newlib-cygwin > > $ grep -rH GetCommandLineA . > > ./winsup/CVSChangeLogs.old/cygwin/ChangeLog-2013: (cygwin_GetCommandLineA): Ditto. > > ./winsup/cygwin/cygwin.din:GetCommandLineA AT 0 = cygwin_GetCommandLineA AT 0 NOSIGFE > > ./winsup/cygwin/include/cygwin/version.h: 268: Export GetCommandLineA, GetCommandLineW > > ./winsup/cygwin/kernel32.cc:/* Cygwin replacement for GetCommandLineA. Returns a concatenated string > > ./winsup/cygwin/kernel32.cc:cygwin_GetCommandLineA (void) > > I see that the kernel32.cc function uses RtlUnicodeStringtoAnsiString. > > The article I linked to mentions this specific function. The function does the > "BestFit" thing, converting Unicode characters to ASCII pseudo-equivalents. > > If Cygwin relies on this function for converting the process command line > into main() arguments, it is likely susceptible to argument injection. Yeah, but it doesn't. This is just a wrapper function for external apps. See function dll_crt0_1() in dcrt0.cc for the real deal. Corinna -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple
| webmaster | delorie software privacy |
| Copyright © 2019 by DJ Delorie | Updated Jul 2019 |