| Date: | Tue, 21 Apr 2026 19:55:11 +0200 |
| To: | James Warnock <james DOT warnock AT rackwareinc DOT com> |
| Subject: | Re: cygrunsrv CWE-428 |
| Message-ID: | <aee5_xG7tKyT_-9k@calimero.vinschen.de> |
| List-Id: | General Cygwin discussions and problem reports <cygwin.cygwin.com> |
| From: | Corinna Vinschen via Cygwin <cygwin AT cygwin DOT com> |
| Reply-To: | cygwin AT cygwin DOT com |
| Cc: | Corinna Vinschen <corinna-cygwin AT cygwin DOT com>, cygwin AT cygwin DOT com |
Hi James,
thanks for the patch. One point, though:
On Apr 21 08:57, James Warnock via Cygwin wrote:
> diff --git a/cygrunsrv.cc b/cygrunsrv.cc
> index dab8790..c3b04ee 100644
> --- a/cygrunsrv.cc
> +++ b/cygrunsrv.cc
> @@ -810,6 +810,7 @@ install_service (const char *name, const char *crspath, const char *disp,
> int interactive)
> {
> char mypath[MAX_PATH];
> + char* mypath_p = mypath;
> SC_HANDLE sm = (SC_HANDLE) 0;
> SC_HANDLE sh = (SC_HANDLE) 0;
> char userbuf[INTERNET_MAX_HOST_NAME_LENGTH + UNLEN + 2];
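Review bot: `char* mypath_p = mypath;` departs from the pointer style used in the surrounding code, which writes `const char *name`; please use `char *mypath_p`. Since the next hunk increments the pointer right after storing the opening quote, initialising it to `mypath + 1` (or dropping the alias and passing `mypath + 1` directly) would make the offset explicit. `mypath` is also still declared with MAX_PATH bytes here although it now has to hold a quote in addition to the path.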
> @@ -824,28 +825,31 @@ install_service (const char *name, const char *crspath, const char *disp,
> if (!san.server ())
> check_system_mounts ();
>
> + mypath[0] = '"';
> + mypath_p++;
> if (crspath) /* Got path, nothing to do. */
> {
> - cygwin_conv_path (CCP_POSIX_TO_WIN_A, crspath, mypath, MAX_PATH);
> + cygwin_conv_path (CCP_POSIX_TO_WIN_A, crspath, mypath_p, MAX_PATH-2);
^^^^^^^^^^
> if (strcasecmp (mypath + strlen (mypath) - 4, ".exe") != 0)
> strcat (mypath, ".exe");
> }
> else if (san.server ()) /* Figure out cygrunsrv path on remote server. */
> {
> - DWORD ret, type, size = MAX_PATH - 20;
> + DWORD ret, type, size = MAX_PATH - 22;
^^^^^^^^^^^^^
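Review bot: the `MAX_PATH-2` bound passed to `cygwin_conv_path` does not account for the unchanged `strcat (mypath, ".exe")` that follows it. With the opening quote at `mypath[0]` and up to MAX_PATH-2 bytes written at `mypath_p`, appending four more characters can run past the end of `char mypath[MAX_PATH]`. Either size the buffer for quote, path, ".exe" and terminator, or check the remaining space before the `strcat`. The return value of `cygwin_conv_path` is not checked in these lines either, so after a failed conversion `strlen (mypath)` would read a buffer in which this code has only written the quote and no terminator. Minor: write `MAX_PATH - 2` with spaces, matching `MAX_PATH - 22`.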
Rather than further restricting the maximum path length, wouldn't it
make sense to raise the size of mypath to MAX_PATH + 2?
Thanks,
Corinna