Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Date: Wed, 1 Jan 2003 10:05:10 +0000
From: "Steven O'Brien"
To: cygwin AT cygwin DOT com
Subject: Re: Heads up: *possible* bug in cygwin
Message-Id: <20030101100510.5b5b7f3f.steven.obrien2@ntlworld.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit

Hi

I found a possible glib buffer overflow that is cygwin-specific (due to a bug in cygwin perhaps?) that I worked around when porting glib-1.2.10 to cygwin. Maybe this is still a problem in glib-2.0.x.

In glib-1.2.10, gutils.c: g_get_any_init (void), the current user details are obtained from /etc/passwd. This code is called as part of glib initialisation, whether the app wants this data or not. It uses sysconf (_SC_GETPW_R_SIZE_MAX) to decide how much buffer to allocate for this data. But on cygwin this appears broken, and the call to getpwuid_r (getuid (), &pwd, buffer, bufsize, &pw) *may* overrun buffer, depending on the length of the line in /etc/passwd for the current user.

So maybe, Chuck, since May when you last saw this test pass, your /etc/passwd entry has got longer? From (hazy) memory, the buffer is 64 bytes, so if your /etc/passwd entry has more than 64 chars (quite possible if you are using ntsec) then memory gets trashed.

My patch works around this problem by allocating a buffer of 1024 bytes for cygwin. I think I got this value by reading the cygwin dll source to find a real upper bound, but it was a long time ago so this needs checking.

Of course a real fix is required to sysconf() / getpwuid_r() in cygwin, but to test this theory you could borrow the fix from my glib patch and try it on glib 2.0.x.

Regards,
Steven