public inbox for cygwin-cvs@sourceware.org
* [newlib-cygwin] Cygwin: fix quoting when starting invisible console process
@ 2019-11-05 10:55 Corinna Vinschen
From: Corinna Vinschen @ 2019-11-05 10:55 UTC (permalink / raw)
  To: cygwin-cvs

https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=530b866c8e47af0effa7f913c2b7438d782ea03a

commit 530b866c8e47af0effa7f913c2b7438d782ea03a
Author: Corinna Vinschen <corinna@vinschen.de>
Date:   Tue Nov 5 11:29:02 2019 +0100

    Cygwin: fix quoting when starting invisible console process
    
    fhandler_console::create_invisible_console_workaround() does not use the
    lpApplicationName parameter and neglects to quote its command name on
    lpCommandLine in the call to CreateProcessW.
    
    Given CreateProcessW's brain-dead method to evaluate the application
    path given on the command line, this opens up a security problem if
    Cygwin is installed into a path with spaces in it.
    
    Fix this by using the lpApplicationName parameter and quoting of the
    application path in the lpCommandLine parameter (used as argv[0] in
    the called console helper).
    
    For extended paranoia, make the argument string array big enough to
    fit full 64 bit pointer values into it.  Handles usually only use
    the lower 32 bit, but better safe than sorry.
    
    Signed-off-by: Corinna Vinschen <corinna@vinschen.de>

Diff:
---
 winsup/cygwin/fhandler_console.cc | 12 +++++++-----
 1 file changed, 7 insertions(+), 5 deletions(-)

diff --git a/winsup/cygwin/fhandler_console.cc b/winsup/cygwin/fhandler_console.cc
index 86c39db..2417592 100644
--- a/winsup/cygwin/fhandler_console.cc
+++ b/winsup/cygwin/fhandler_console.cc
@@ -3042,20 +3042,22 @@ fhandler_console::create_invisible_console_workaround ()
 	  STARTUPINFOW si = {};
 	  PROCESS_INFORMATION pi;
 	  size_t len = helper.get_wide_win32_path_len ();
-	  WCHAR cmd[len + (2 * strlen (" 0xffffffff")) + 1];
+	  WCHAR cmd[len + 1];
+	  WCHAR args[len + 1 + (2 * sizeof (" 0xffffffffffffffff")) + 1];
 	  WCHAR title[] = L"invisible cygwin console";
 
+	  /* Create a new hidden process.  Use the two event handles as
+	     argv[1] and argv[2]. */
+
 	  helper.get_wide_win32_path (cmd);
-	  __small_swprintf (cmd + len, L" %p %p", hello, goodbye);
+	  __small_swprintf (args, L"\"%W\" %p %p", cmd, hello, goodbye);
 
 	  si.cb = sizeof (si);
 	  si.dwFlags = STARTF_USESHOWWINDOW;
 	  si.wShowWindow = SW_HIDE;
 	  si.lpTitle = title;
 
-	  /* Create a new hidden process.  Use the two event handles as
-	     argv[1] and argv[2]. */
-	  BOOL x = CreateProcessW (NULL, cmd,
+	  BOOL x = CreateProcessW (cmd, args,
 				   &sec_none_nih, &sec_none_nih, true,
 				   CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi);
 	  if (x)
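
Review bot: the new args declaration does not visibly account for the two quote characters that the L"\"%W\" %p %p" format puts around the path. The buffer is large enough only because sizeof (" 0xffffffffffffffff") counts the literal's NUL terminator once per pointer field, and those two extra elements happen to cover the quotes; a later edit to the format or the size expression could silently lose that margin. Suggest spelling the terms out, for example len + 2 /* quotes */ + 2 * (sizeof (" 0xffffffffffffffff") - 1) + 1, with a comment stating the assumption that each %p expands to at most 18 characters plus the leading space.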


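
The path evaluation the commit message refers to, as an added example that is not part of the original commit or of Cygwin: a portable C model of the documented CreateProcessW behaviour when lpApplicationName is NULL, listing every module name that would be tried for a command line so that ambiguous ones can be flagged in an audit. The function name, the sample install path and the helper file name are assumptions made for this illustration, and the model does not check which candidates exist on disk.

```c
#include <stdio.h>
#include <string.h>

#define MAX_CAND 8
#define MAX_LEN 260

/* Constructed sample command lines; path and helper name are placeholders. */
static const char UNQUOTED[] = "C:\\Program Files\\cygwin\\bin\\helper.exe 0x1a4 0x1b0";
static const char QUOTED[] = "\"C:\\Program Files\\cygwin\\bin\\helper.exe\" 0x1a4 0x1b0";

static int is_ws (char c) { return c == ' ' || c == '\t'; }

/* Hypothetical audit helper: fill out[] with the module names tried, in
   order, for command line cl.  More than one result means it is ambiguous. */
static int
module_candidates (const char *cl, char out[][MAX_LEN], int max)
{
  int n = 0;
  if (max < 1 || cl[0] == '\0')
    return 0;
  if (cl[0] == '"')
    { /* Quoted: the module name is exactly the text between the quotes. */
      const char *end = strchr (cl + 1, '"');
      size_t l = end ? (size_t) (end - cl - 1) : strlen (cl + 1);
      snprintf (out[n++], MAX_LEN, "%.*s", (int) l, cl + 1);
      return n;
    }
  for (size_t i = 1; n < max; i++)
    { /* Unquoted: every whitespace-delimited prefix is a candidate. */
      if (cl[i] != '\0' && !is_ws (cl[i]))
        continue;
      if (!is_ws (cl[i - 1]))
        {
          snprintf (out[n], MAX_LEN, "%.*s", (int) i, cl);
          /* ".exe" is appended when the last component has no extension. */
          const char *base = strrchr (out[n], '\\');
          if (!strchr (base ? base : out[n], '.'))
            strncat (out[n], ".exe", MAX_LEN - strlen (out[n]) - 1);
          n++;
        }
      if (cl[i] == '\0')
        break;
    }
  return n;
}

int
main (void)
{
  char c[MAX_CAND][MAX_LEN];
  int n = module_candidates (UNQUOTED, c, MAX_CAND);
  for (int i = 0; i < n; i++)
    printf ("unquoted, try %d: %s\n", i + 1, c[i]);
  printf ("quoted: %d candidate\n", module_candidates (QUOTED, c, MAX_CAND));
  return 0;
}
```

For the unquoted sample the first candidate lies outside the installation directory, which is the condition the commit removes by passing the path as lpApplicationName and quoting argv[0].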