This is the mail archive of the cygwin-patches mailing list for the Cygwin project.
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |
Other format: | [Raw text] |
getusershell(3) returns the next line from the '/etc/shells' file [1]. This contains a path to an executable, so it makes sense for 'buf' to contain PATH_MAX characters.
Now, the definition of PATH_MAX is the maximum length of the path, including the null terminator [2]. So the for() loop should copy PATH_MAX-1 characters, in order to allow for the null terminator.
However, by copying PATH_MAX characters, there is a possible buffer over-run when the null terminator is applied. The patch (attached) corrects this.
Change Log: 2014-05-18 David Stacey <drstacey@tiscali.co.uk> * winsup/cygwin/syscalls.cc(getusershell) : Fixed theoretical buffer overrun of 'buf' that would occur if /etc/shells contained a line longer than 4095 characters. Cheers, Dave. [1] http://linux.die.net/man/3/getusershell [2] http://pubs.opengroup.org/onlinepubs/009695399/basedefs/limits.h.html
Attachment:
getusershell_buffer_overrun.patch
Description: Text document
Index Nav: | [Date Index] [Subject Index] [Author Index] [Thread Index] | |
---|---|---|
Message Nav: | [Date Prev] [Date Next] | [Thread Prev] [Thread Next] |