From: Ken Harris
To: "cygwin AT cygwin DOT com"
Subject: Re: winsup\cygwin\path.cc issues
Date: Fri, 4 May 2018 01:23:47 +0000

Hi Marco:

Sorry for not replying to the original exchange we had. I wasn't subscribed to the list but now I am so it won't happen again (so I'm quoting our exchange below).

I installed and built cygwin1.dll with an added assert in path.cc to identify when the buffer underrun condition I originally described occurs:

    $ diff -b ./cygwin-2.10.0-1.src/newlib-cygwin/winsup/cygwin/path.cc.ORIG ./cygwin-2.10.0-1.src/newlib-cygwin/winsup/cygwin/path.cc
    2803c2803
    < ;
    ---
    > assert(p >= path);

Thus, a simple:

    cat '\A../../../B'

will result in the assert firing:

    kharris AT ah-kharris /usr/src
    $ cat '\A../../../B'
    assertion "p >= path" failed: file "../../.././winsup/cygwin/path.cc", line 2803, function: int symlink_info::check(char*, const suffix_info*, fs_info&, path_conv_handle&)
    Aborted (core dumped)

Attached is a patch (in addition to the added assert) with what I *think* might really fix the problem. This was where the expected backslash got squashed which allowed symlink_info::check() to go "negative" with its 'p' pointer and look for a backslash in someone else's memory.

I've applied this "correction" in our MSYS2 code. I hope to get some flight-time with it soon (long duration, automated processing) and if it causes unexpected problems, I'll report back on that.
Otherwise, I just hope it might be helpful to anyone who might run into similar puzzling circumstances (the puzzle is when the errant 'p' pointer _doesn't_ find a stray backslash in someone else's memory. It segv-s and _that_ was the nasty part of the puzzle).

Thanks,
-Ken

On 5/2/2018 3:49 PM, Ken Harris wrote:

Hi:

While originally investigating a sporadic failure in MSYS2, I believe I found that its origin may actually be within Cygwin.

Given the following command sequence on cygwin64 in a CMD.EXE command prompt (on Windows 10 x64 if it matters).

    cd C:\Cygwin64\bin
    echo.exe running \"test\" logging to ../../../my.log

Not clear to me what is the exact command line to replicate

In addition "C:\Cygwin64\bin" is "/bin"
so where do you expect /bin/../../../my.log to be?

Regards
Marco

Attachment: path.cc.patch
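
Review bot: In the 2803c2803 hunk of path.cc, `assert(p >= path)` detects the underrun but does not prevent it. The assert aborts the calling process, as the `cat` run in the message shows, and it disappears entirely in a build with NDEBUG defined, which restores the original empty statement. Suggest keeping the assert as a debugging aid but putting the lower bound into the scan's own condition, so that reaching `path` without finding a backslash is handled as "no separator" instead of aborting or reading below the buffer.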
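
A model of the backward scan described in the message, as an added example (not code from path.cc or from the attached patch). It shows why the failure was sporadic: the unbounded scan silently succeeds when a stray backslash happens to sit below the buffer, while the bounded scan reports that no separator exists. The arena layout, function names and sample paths are constructed for illustration.

```c
#include <stddef.h>
#include <stdio.h>

/* Constructed layout: unrelated bytes that happen to contain a backslash
   sit in front of the path inside one array, standing in for the
   "someone else's memory" of the message. */
static const char arena[] = { 'j', 'u', 'n', 'k', '\\', '\0', 'A', 'B', '\0' };
static const char *const demo_path = arena + 6;   /* "AB", no backslash */

/* Unbounded scan (hypothetical model of the bug): walk back from the end
   of the path until a backslash is seen. Returns its offset from path;
   a negative offset means the scan stopped below the buffer. Only call
   it where a backslash is known to exist in the same array, as here. */
static ptrdiff_t scan_unbounded(const char *path, size_t len)
{
    const char *p = path + len;
    while (*--p != '\\')
        ;
    return p - path;
}

/* Bounded scan: never reads below path; NULL means "no separator". */
static const char *scan_bounded(const char *path, size_t len)
{
    const char *p = path + len;
    while (p > path)
        if (*--p == '\\')
            return p;
    return NULL;
}

int main(void)
{
    const char *good = "A\\B";   /* constructed path with a separator */
    printf("good path: unbounded=%td bounded=%td\n",
           scan_unbounded(good, 3), scan_bounded(good, 3) - good);
    printf("demo path: unbounded=%td bounded=%s\n",
           scan_unbounded(demo_path, 2),
           scan_bounded(demo_path, 2) ? "found" : "NULL");
    return 0;
}
```

On the constructed demo path the unbounded scan returns offset -2, a position in the unrelated bytes; with no such byte nearby the same loop would keep reading until it faulted.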