Mailing-List: contact cygwin-help AT cygwin DOT com; run by ezmlm
List-Subscribe: <mailto:cygwin-subscribe AT cygwin DOT com>
List-Archive: <http://sourceware.org/ml/cygwin/>
List-Post: <mailto:cygwin AT cygwin DOT com>
List-Help: <mailto:cygwin-help AT cygwin DOT com>, <http://sourceware.org/ml/#faqs>
Sender: cygwin-owner AT cygwin DOT com
Mail-Followup-To: cygwin AT cygwin DOT com
Delivered-To: mailing list cygwin AT cygwin DOT com
Message-ID: <427AD935.1010409@byu.net>
Date: Thu, 05 May 2005 20:40:53 -0600
From: Eric Blake <ebb9 AT byu DOT net>
User-Agent: Mozilla Thunderbird 1.0.2 (Windows/20050317)
MIME-Version: 1.0
To: Paul Eggert <eggert AT CS DOT UCLA DOT EDU>
CC: "Pierre A. Humblet" <Pierre DOT Humblet AT ieee DOT org>, cygwin AT cygwin DOT com,
   bug-coreutils AT gnu DOT org
Subject: Re: mkdir -p and network drives
References: <3 DOT 0 DOT 5 DOT 32 DOT 20050502232204 DOT 00b52180 AT incoming DOT verizon DOT net> <42777719 DOT 8090103 AT byu DOT net> <8764xym6vf DOT fsf AT penguin DOT cs DOT ucla DOT edu>
In-Reply-To: <8764xym6vf.fsf@penguin.cs.ucla.edu>
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: 7bit
X-IsSubscribed: yes

-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

According to Paul Eggert on 5/5/2005 2:09 AM:
> @@ -207,8 +207,14 @@ make_path (const char *argpath,
>        /* If we've saved the cwd and DIRPATH is an absolute pathname,
>  	 we must chdir to `/' in order to enable the chdir optimization.
>           So if chdir ("/") fails, turn off the optimization.  */
> -      if (do_chdir && *dirpath == '/' && chdir ("/") < 0)
> -	do_chdir = false;
> +      if (do_chdir && dirpath[0] == '/')
> +	{
> +	  /* POSIX says "//" might be special, so chdir to "//" if the
> +	     file name starts with exactly two slashes.  */
> +	  char const *root = "//" + (dirpath[1] != '/' || dirpath[2] == '/');

Oops - buffer overflow bug.  dirpath[2] is past the end of the string on
dirpath of "/", since you are only testing for dirpath[1] != '/'.  Try
this instead:

  char const *root = "//" + (dirpath[1] != '/'
                             || (*dirpath[1] && dirpath[2] == '/'));

True, dirpath was created via alloca, which on most architectures
allocates on word boundaries, so dirpath[2] is probably safe to reference,
but that is beside the point.  For that matter, since path names can be
arbitrary length (on some platforms), allocating dirpath with alloca is
asking for problems with the potential of stack overflow.

- --
Life is short - so eat dessert first!

Eric Blake             ebb9 AT byu DOT net
-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.0 (Cygwin)
Comment: Public key at home.comcast.net/~ericblake/eblake.gpg
Comment: Using GnuPG with Thunderbird - http://enigmail.mozdev.org

iD8DBQFCetkz84KuGfSFAYARAveaAJ4nczwBy9G9D4qct3z4dhSo+C5YIACg0aMI
P2Dbg6xbPaoYLPR51j53DnA=
=TGwj
-----END PGP SIGNATURE-----

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Problem reports:       http://cygwin.com/problems.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/