Date: Tue, 13 Apr 2010 12:00:44 +0200
From: Corinna Vinschen
To: cygwin AT cygwin DOT com
Subject: Re: URGENT: patch to fix buffer overflow in cygwin1.dll in versions 1.7.2 to 1.7.5
Message-ID: <20100413100044.GJ28908@calimero.vinschen.de>
References: <20100413094736 DOT 22619 DOT qmail AT wizard DOT math DOT ualberta DOT ca>
In-Reply-To: <20100413094736.22619.qmail@wizard.math.ualberta.ca>
User-Agent: Mutt/1.5.20 (2009-06-14)

On Apr 13 09:47, John Bowman wrote:
> A serious buffer overflow was introduced over 2 years ago (-r1.141 2008/02/14)
> when support for wide characters was added. The change below unleashed
> this bug, leading to random segmentation faults on forking when using
> cygwin 1.7.2 to 1.7.5 (e.g. when running kpsewhich or asymptote):
>
> 2009-12-18 Corinna Vinschen

Ouch! Please do NOT quote raw email addresses in your mail. I, for one,
am already getting more than enough spam as it is. Thanks for considering.

> I recommend releasing a new cygwin1.dll as soon as possible.
> As an interim solution, I have applied the patch below and compiled it as
> the cygwin1.dll that ships with Asymptote-1.92:
>
> https://sourceforge.net/projects/asymptote/files/asymptote/1.92/asymptote-1.92-setup.exe/download

Any chance you can just point to the Cygwin distro and prepare a download
area for your package instead of packing your own Cygwin?

> diff -ru cygwin.broken/cygheap.cc cygwin/cygheap.cc
> --- cygwin.broken/cygheap.cc 2009-10-03 05:28:04.000000000 -0700
> +++ cygwin/cygheap.cc 2010-04-12 05:43:47.640625000 -0700
> @@ -363,7 +363,7 @@
> cwcsdup (const PWCHAR s)
> {
> MALLOC_CHECK;
> - PWCHAR p = (PWCHAR) cmalloc (HEAP_STR, wcslen (s) + 1);
> + PWCHAR p = (PWCHAR) cmalloc (HEAP_STR, (wcslen (s) + 1) * sizeof(wchar_t));
> if (!p)
> return NULL;
> wcpcpy (p, s);
> @@ -375,7 +375,7 @@
> cwcsdup1 (const PWCHAR s)
> {
> MALLOC_CHECK;
> - PWCHAR p = (PWCHAR) cmalloc (HEAP_1_STR, wcslen (s) + 1);
> + PWCHAR p = (PWCHAR) cmalloc (HEAP_1_STR, (wcslen (s) + 1) * sizeof(wchar_t));

Thanks for the patch. I've applied it to CVS, just changed wchar_t to WCHAR
to match the rest of the function. Fortunately this only affects read
access to /proc/registry so it's not *that* urgent.

Corinna

--
Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Project Co-Leader          cygwin AT cygwin DOT com
Red Hat

--
Problem reports:       http://cygwin.com/problems.html
FAQ:                   http://cygwin.com/faq/
Documentation:         http://cygwin.com/docs.html
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
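Review bot: in the first hunk (cwcsdup, @@ -363), the `-` line passes `wcslen (s) + 1`, a count of wide characters, as the allocation size, while the wcpcpy two lines below writes that many WCHARs, so the block was short by a factor of sizeof (WCHAR) and the copy ran past it; the `+` line corrects the unit, but spelling it `(wcslen (s) + 1) * sizeof (*p)` (or `sizeof (WCHAR)`, as was done on commit) ties the size to the PWCHAR type the function already uses instead of introducing `wchar_t` as a second name for the same type.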
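Review bot: the second hunk (cwcsdup1, @@ -375) is cwcsdup repeated line for line with only the HEAP_1_STR tag changed, which is why the same sizing bug had to be patched twice; a single helper taking the heap tag as a parameter would fix both call sites in one place and stop the two copies drifting apart again. The hunk also ends on the `+` line with none of its trailing context, so confirm the quoted patch was not truncated in the mail before applying it by hand.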
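Added example, not code from the patch or from Cygwin's sources: a stand-in for the cwcsdup pattern that computes both the pre-patch and the patched allocation size and checks the request against the bytes wcpcpy would write, so the character-vs-byte mismatch is caught instead of overrunning the heap. It uses plain malloc in place of cmalloc and the host's wchar_t (4 bytes on most Linux builds, 2 bytes for Cygwin's WCHAR), so the overrun arithmetic scales with sizeof (wchar_t); all function names are constructed.

```c
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Bytes a NUL-terminated copy of s occupies; this is what wcpcpy writes. */
size_t wcs_copy_bytes (const wchar_t *s)
{
  return (wcslen (s) + 1) * sizeof (wchar_t);
}

/* Allocation size as computed before the patch: a character count handed
 * to an allocator that counts bytes. */
size_t buggy_request (const wchar_t *s)
{
  return wcslen (s) + 1;
}

/* Allocation size after the patch: the same count scaled to bytes. */
size_t fixed_request (const wchar_t *s)
{
  return wcs_copy_bytes (s);
}

/* Duplicate s into a block sized by `request'. Unlike the real
 * cmalloc/wcpcpy pair, it compares the copy length against the block
 * size first and returns NULL instead of writing past the block. */
wchar_t *checked_wcsdup (const wchar_t *s, size_t (*request) (const wchar_t *))
{
  size_t need = wcs_copy_bytes (s);
  size_t got = request (s);
  if (need > got)
    return NULL;                /* the pre-patch overrun, caught here */
  wchar_t *p = malloc (got);
  if (!p)
    return NULL;
  memcpy (p, s, need);          /* includes the terminating NUL */
  return p;
}

/* Bytes the pre-patch code wrote past its allocation for s. */
size_t overrun_bytes (const wchar_t *s)
{
  return wcs_copy_bytes (s) - buggy_request (s);
}

/* 1 if the fixed request yields a faithful copy of s, else 0. */
int fixed_roundtrip_ok (const wchar_t *s)
{
  wchar_t *d = checked_wcsdup (s, fixed_request);
  int ok = d != NULL && wcscmp (d, s) == 0;
  free (d);
  return ok;
}
```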