From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <kbrown@sourceware.org>
Received: by sourceware.org (Postfix, from userid 2210)
 id BB75A38708E8; Tue,  8 Sep 2020 19:17:40 +0000 (GMT)
DKIM-Filter: OpenDKIM Filter v2.11.0 sourceware.org BB75A38708E8
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
From: Ken Brown <kbrown@sourceware.org>
To: cygwin-cvs@sourceware.org
Subject: [newlib-cygwin] Cygwin: format_process_fd: add directory check
X-Act-Checkin: newlib-cygwin
X-Git-Author: Ken Brown <kbrown@cornell.edu>
X-Git-Refname: refs/heads/master
X-Git-Oldrev: eaed594d736259c42affa7cf58f12492cbc5fb67
X-Git-Newrev: 58cc67d6536c73c463114a30b4f14f331137baeb
Message-Id: <20200908191740.BB75A38708E8@sourceware.org>
Date: Tue,  8 Sep 2020 19:17:40 +0000 (GMT)
X-BeenThere: cygwin-cvs@cygwin.com
X-Mailman-Version: 2.1.29
Precedence: list
List-Id: Cygwin core component git logs <cygwin-cvs.cygwin.com>
List-Unsubscribe: <https://cygwin.com/mailman/options/cygwin-cvs>,
 <mailto:cygwin-cvs-request@cygwin.com?subject=unsubscribe>
List-Archive: <https://cygwin.com/pipermail/cygwin-cvs/>
List-Help: <mailto:cygwin-cvs-request@cygwin.com?subject=help>
List-Subscribe: <https://cygwin.com/mailman/listinfo/cygwin-cvs>,
 <mailto:cygwin-cvs-request@cygwin.com?subject=subscribe>
X-List-Received-Date: Tue, 08 Sep 2020 19:17:40 -0000

https://sourceware.org/git/gitweb.cgi?p=newlib-cygwin.git;h=58cc67d6536c73c463114a30b4f14f331137baeb

commit 58cc67d6536c73c463114a30b4f14f331137baeb
Author: Ken Brown <kbrown@cornell.edu>
Date:   Tue Sep 8 11:45:09 2020 -0400

    Cygwin: format_process_fd: add directory check
    
    The incoming path is allowed to have the form "$PID/fd/[0-9]*/.*"
    provided the descriptor symlink points to a directory.  Check that
    this is indeed the case.

Diff:
---
 winsup/cygwin/fhandler_process.cc | 15 +++++++++++++++
 1 file changed, 15 insertions(+)

diff --git a/winsup/cygwin/fhandler_process.cc b/winsup/cygwin/fhandler_process.cc
index a6c358217..888604e3d 100644
--- a/winsup/cygwin/fhandler_process.cc
+++ b/winsup/cygwin/fhandler_process.cc
@@ -398,6 +398,21 @@ format_process_fd (void *data, char *&destbuf)
 	*((process_fd_t *) data)->fd_type = virt_fdsymlink;
       else /* trailing path */
 	{
+	  /* Does the descriptor link point to a directory? */
+	  bool dir;
+	  if (*destbuf != '/')	/* e.g., "pipe:[" or "socket:[" */
+	    dir = false;
+	  else
+	    {
+	      path_conv pc (destbuf);
+	      dir = pc.isdir ();
+	    }
+	  if (!dir)
+	    {
+	      set_errno (ENOTDIR);
+	      cfree (destbuf);
+	      return -1;
+	    }
 	  char *newbuf = (char *) cmalloc_abort (HEAP_STR, strlen (destbuf)
 							   + strlen (e) + 1);
 	  stpcpy (stpcpy (newbuf, destbuf), e);