From: Ken Harris
To: "cygwin AT cygwin DOT com"
Subject: RE: winsup\cygwin\path.cc issues
Date: Wed, 30 May 2018 01:04:10 +0000

Thank you so much, Corinna:

So far - it looks great. I'll roll your patch into our MSYS2 build which will exercise it about as widely as we possibly can. If I see anything amiss, I'll track it down, and if I can repro in Cygwin alone, I'll report back.

Again, Thanks!

-Ken

-----Original Message-----
From: Corinna Vinschen [mailto:corinna-cygwin AT cygwin DOT com]
Sent: Tuesday, May 29, 2018 12:32 PM
To: cygwin AT cygwin DOT com
Cc: Ken Harris
Subject: Re: winsup\cygwin\path.cc issues

Hi Ken,

On May 4 01:23, Ken Harris wrote:
> Hi Marco: Sorry for not replying to the original exchange we had. I
> wasn't subscribed to the list but now I am so it won't happen again
> (so I'm quoting our exchange below).
>
> I installed and built cygwin1.dll with an added assert
> in path.cc to identify when the buffer underrun
> condition I originally described occurs:
>
> $ diff -b ./cygwin-2.10.0-1.src/newlib-cygwin/winsup/cygwin/path.cc.ORIG ./cygwin-2.10.0-1.src/newlib-cygwin/winsup/cygwin/path.cc
> 2803c2803 < > ; --- > > assert(p >= path);
>
> Thus, a simple:
>
> cat '\A../../../B'
>
> will result in the assert firing:
>
> kharris AT ah-kharris /usr/src $ cat '\A../../../B'
> assertion "p >= path" failed: file "../../.././winsup/cygwin/path.cc", line 2803, function: int symlink_info::check(char*, const suffix_info*, fs_info&, path_conv_handle&)
> Aborted (core dumped)
>
> Attached is a patch (in addition to the added assert) with what I
> *think* might really fix the problem. This was where the expected
> backslash got squashed which allowed symlink_info::check() to go
> "negative" with its 'p' pointer and look for a backslash in someone
> else's memory.

Thanks for your preliminary work, but as far as I can see this isn't the
entire solution. The same problem occurs if your CWD is the root of a
drive, e.g., C:\, and you call cat A../../../B. Even simpler, try
`cat 'C:\A../../../B''

The reason is that the code in normalize_win32_path never actually
ignores drive prefixes. There's an implicit (and oh so wrong) assumption
that any path starts with a slash or backslash one way or the other.

It's pretty weird that it took so long to find this blatant problem.

I applied a patch which hopefully fixes this problem in all code paths:

https://sourceware.org/git/?p=newlib-cygwin.git;a=commitdiff;h=35998fc2fa6c

I also left your assertion in the code for now as an additional patch

https://sourceware.org/git/?p=newlib-cygwin.git;a=commitdiff;h=7d00a5e320db

just to be sure, but I will take this out again before a release.

I uploaded new developer snapshots to https://cygwin.com/snapshots/
containing the above patches. Please give them a try.
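
Review bot: In the quoted `2803c2803` hunk against winsup/cygwin/path.cc, `assert(p >= path);` only reports the underrun after `p` has already been moved below `path`, and it handles a user-supplied path by aborting the process (the `cat '\A../../../B'` run ends in "Aborted (core dumped)"). That is fine as a temporary diagnostic, but the backward scan in symlink_info::check() would be better bounded so that it stops at `path` and returns an error, and the assert deserves a one-line comment naming the invariant it checks (the normalized path is expected to begin with a backslash).
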

Thanks,
Corinna

--
Corinna Vinschen
Please, send mails regarding Cygwin to cygwin AT cygwin DOT com
Cygwin Maintainer
Red Hat
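
The root-prefix problem described in the thread above, as an added example that is not part of the thread and is not Cygwin's code: a simplified ".." collapser whose backward scan is bounded by the drive or root prefix, so inputs such as `C:\A../../../B` cannot walk below the start of the buffer. The names `normalize` and `root_len` are hypothetical; UNC paths are ignored, and surplus ".." components are clamped at the root.

```c
#include <ctype.h>
#include <string.h>

/* Hypothetical helper: length of the prefix ".." must never remove
   (drive plus separator -> 3, bare drive -> 2, separator -> 1, else 0). */
static size_t root_len(const char *s)
{
    size_t n = (isalpha((unsigned char)s[0]) && s[1] == ':') ? 2 : 0;
    return n + (s[n] == '\\' || s[n] == '/');
}

/* Collapse "." and ".." from src into dst, using a backslash separator.
   Returns 0 on success, -1 if dst (dstsz bytes) is too small. */
int normalize(const char *src, char *dst, size_t dstsz)
{
    size_t root = root_len(src), len = root;

    if (root >= dstsz)
        return -1;
    memcpy(dst, src, root);
    if (root && dst[root - 1] == '/')
        dst[root - 1] = '\\';
    src += root;
    while (*src) {
        size_t n = strcspn(src, "\\/");   /* length of next component */
        size_t sep = len > root;          /* separator needed before it? */
        if (n == 2 && src[0] == '.' && src[1] == '.') {
            /* Back up one component; bounded by root, never below dst. */
            while (len > root && dst[len - 1] != '\\')
                len--;
            if (len > root)
                len--;                    /* drop the separator as well */
        } else if (n > 0 && !(n == 1 && src[0] == '.')) {
            if (len + sep + n >= dstsz)
                return -1;
            if (sep)
                dst[len++] = '\\';
            memcpy(dst + len, src, n);
            len += n;
        }
        src += n;
        if (*src)
            src++;                        /* skip one separator */
    }
    dst[len] = '\0';
    return 0;
}
```
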