DMARC-Filter: OpenDMARC Filter v1.4.2 delorie.com 63LHtWKF1562164 Authentication-Results: delorie.com; dmarc=pass (p=none dis=none) header.from=cygwin.com Authentication-Results: delorie.com; spf=pass smtp.mailfrom=cygwin.com DKIM-Filter: OpenDKIM Filter v2.11.0 delorie.com 63LHtWKF1562164 Authentication-Results: delorie.com; dkim=pass (1024-bit key, unprotected) header.d=cygwin.com header.i=@cygwin.com header.a=rsa-sha256 header.s=default header.b=pf7bhzMb X-Recipient: archive-cygwin AT delorie DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 936574BA2E3D DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=cygwin.com; s=default; t=1776794130; bh=7zMcaj9rfeeI9YHYNgnxFmDJRA0gqu3FaOMj/AvvSs4=; h=Date:To:Subject:References:In-Reply-To:List-Id:List-Unsubscribe: List-Archive:List-Post:List-Help:List-Subscribe:From:Reply-To:Cc: From; b=pf7bhzMb3+LW84ypSRY7ci1WcmvaSCUGuZHYZwIRdzCJG2RMvg1f7sfFc+59Pn/Yi R1eZN3bq1J8VXnXMfuoCOn43DrQbKXm55vvPbH5qlI74LucuSy28xiNcK46iNky8Iv iDI296+myx6WPy4ZIaQ81jZtkF/1LKEYVRztkcAE= X-Original-To: cygwin AT cygwin DOT com Delivered-To: cygwin AT cygwin DOT com DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org 951364BA2E04 Date: Tue, 21 Apr 2026 19:55:11 +0200 To: James Warnock Subject: Re: cygrunsrv CWE-428 Message-ID: Mail-Followup-To: James Warnock , cygwin AT cygwin DOT com References: MIME-Version: 1.0 Content-Disposition: inline In-Reply-To: X-BeenThere: cygwin AT cygwin DOT com X-Mailman-Version: 2.1.30 Precedence: list List-Id: General Cygwin discussions and problem reports List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , From: Corinna Vinschen via Cygwin Reply-To: cygwin AT cygwin DOT com Cc: Corinna Vinschen , cygwin AT cygwin DOT com Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: cygwin-bounces~archive-cygwin=delorie DOT com AT cygwin DOT com Sender: "Cygwin" Hi James, thanks for the patch. One point, though: On Apr 21 08:57, James Warnock via Cygwin wrote: > diff --git a/cygrunsrv.cc b/cygrunsrv.cc > index dab8790..c3b04ee 100644 > --- a/cygrunsrv.cc > +++ b/cygrunsrv.cc > @@ -810,6 +810,7 @@ install_service (const char *name, const char *crspath, const char *disp, > int interactive) > { > char mypath[MAX_PATH]; > + char* mypath_p = mypath; > SC_HANDLE sm = (SC_HANDLE) 0; > SC_HANDLE sh = (SC_HANDLE) 0; > char userbuf[INTERNET_MAX_HOST_NAME_LENGTH + UNLEN + 2]; > @@ -824,28 +825,31 @@ install_service (const char *name, const char *crspath, const char *disp, > if (!san.server ()) > check_system_mounts (); > > + mypath[0] = '"'; > + mypath_p++; > if (crspath) /* Got path, nothing to do. */ > { > - cygwin_conv_path (CCP_POSIX_TO_WIN_A, crspath, mypath, MAX_PATH); > + cygwin_conv_path (CCP_POSIX_TO_WIN_A, crspath, mypath_p, MAX_PATH-2); ^^^^^^^^^^ > if (strcasecmp (mypath + strlen (mypath) - 4, ".exe") != 0) > strcat (mypath, ".exe"); > } > else if (san.server ()) /* Figure out cygrunsrv path on remote server. */ > { > - DWORD ret, type, size = MAX_PATH - 20; > + DWORD ret, type, size = MAX_PATH - 22; ^^^^^^^^^^^^^ Rather than further restricting the maximum path length, wouldn't it make sense to raise the size of mypath to MAX_PATH + 2? Thanks, Corinna -- Problem reports: https://cygwin.com/problems.html FAQ: https://cygwin.com/faq/ Documentation: https://cygwin.com/docs.html Unsubscribe info: https://cygwin.com/ml/#unsubscribe-simple