From: Corinna Vinschen <corinna@sourceware.org>
To: cygwin-cvs@sourceware.org
Subject: [newlib-cygwin] Cygwin: fix quoting when starting invisible console process
Date: Tue, 05 Nov 2019 10:55:00 -0000
Message-ID: <20191105105513.16258.qmail@sourceware.org>

https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=530b866c8e47af0effa7f913c2b7438d782ea03a

commit 530b866c8e47af0effa7f913c2b7438d782ea03a
Author: Corinna Vinschen <corinna@vinschen.de>
Date:   Tue Nov 5 11:29:02 2019 +0100

    Cygwin: fix quoting when starting invisible console process

    fhandler_console::create_invisible_console_workaround() does not use
    the lpApplicationName parameter and neglects to quote its command name
    on lpCommandLine in the call to CreateProcessW.

    Given CreateProcessW's brain-dead method to evaluate the application
    path given on the command line, this opens up a security problem if
    Cygwin is installed into a path with spaces in it.

    Fix this by using the lpApplicationName parameter and quoting of the
    application path in the lpCommandLine parameter (used as argv[0] in
    the called console helper).

    For extended paranoia, make the argument string array big enough to
    fit full 64 bit pointer values into it. Handles usually only use the
    lower 32 bit, but better safe than sorry.

    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff: --- winsup/cygwin/fhandler_console.cc | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/winsup/cygwin/fhandler_console.cc b/winsup/cygwin/fhandler_console.cc index 86c39db..2417592 100644 --- a/winsup/cygwin/fhandler_console.cc +++ b/winsup/cygwin/fhandler_console.cc 
@@ -3042,20 +3042,22 @@ fhandler_console::create_invisible_console_workaround () STARTUPINFOW si = {}; PROCESS_INFORMATION pi; size_t len = helper.get_wide_win32_path_len (); - WCHAR cmd[len + (2 * strlen (" 0xffffffff")) + 1]; + WCHAR cmd[len + 1]; + WCHAR args[len + 1 + (2 * sizeof (" 0xffffffffffffffff")) + 1]; WCHAR title[] = L"invisible cygwin console"; + /* Create a new hidden process. Use the two event handles as + argv[1] and argv[2]. */ + helper.get_wide_win32_path (cmd); - __small_swprintf (cmd + len, L" %p %p", hello, goodbye); + __small_swprintf (args, L"\"%W\" %p %p", cmd, hello, goodbye); si.cb = sizeof (si); si.dwFlags = STARTF_USESHOWWINDOW; si.wShowWindow = SW_HIDE; si.lpTitle = title; - /* Create a new hidden process. Use the two event handles as - argv[1] and argv[2]. */ - BOOL x = CreateProcessW (NULL, cmd, + BOOL x = CreateProcessW (cmd, args, &sec_none_nih, &sec_none_nih, true, CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi); if (x)
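Review bot: The size expression for args does not visibly account for the two quote characters that the new format string L"\"%W\" %p %p" writes around the path. Assuming len excludes the terminator (as WCHAR cmd[len + 1] suggests), the formatted string needs len + 2 + 2 * 19 + 1 = len + 41 elements and the array provides len + 1 + 2 * 20 + 1 = len + 42, so it fits, but only because sizeof (" 0xffffffffffffffff") counts the literal's NUL twice and there are two extra "+ 1" terms. Since __small_swprintf is called here without a length bound, consider making the arithmetic explicit (a separate "+ 2" for the quotes, or a short comment listing each term) so that a later change to the format string cannot silently overrun the stack buffer. Minor: the relocated comment "Create a new hidden process." now sits above helper.get_wide_win32_path (cmd) rather than next to the CreateProcessW call it describes.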