From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received: (qmail 86414 invoked by alias); 4 May 2018 01:23:57 -0000 Mailing-List: contact cygwin-help@cygwin.com; run by ezmlm Precedence: bulk List-Id: List-Subscribe: List-Archive: List-Post: List-Help: , Sender: cygwin-owner@cygwin.com Mail-Followup-To: cygwin@cygwin.com Received: (qmail 86404 invoked by uid 89); 4 May 2018 01:23:56 -0000 Authentication-Results: sourceware.org; auth=none X-Virus-Found: No X-Spam-SWARE-Status: No, score=-6.4 required=5.0 tests=AWL,BAYES_00,GIT_PATCH_2,SPF_PASS autolearn=ham version=3.3.2 spammy= X-HELO: us-smtp-1.mimecast.com Received: from us-smtp-delivery-1.mimecast.com (HELO us-smtp-1.mimecast.com) (205.139.110.120) by sourceware.org (qpsmtpd/0.93/v0.84-503-g423c35a) with ESMTP; Fri, 04 May 2018 01:23:54 +0000 Received: from NAM01-BN3-obe.outbound.protection.outlook.com (mail-bn3nam01lp0179.outbound.protection.outlook.com [216.32.180.179]) (Using TLS) by us-smtp-1.mimecast.com with ESMTP id us-mta-64-LY9mTpRAOFmRUbuaKxvzhw-1; Thu, 03 May 2018 21:23:52 -0400 Received: from DM2PR0501MB1358.namprd05.prod.outlook.com (10.160.130.22) by DM2PR0501MB1310.namprd05.prod.outlook.com (10.160.130.151) with Microsoft SMTP Server (version=TLS1_2, cipher=TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384) id 15.20.735.6; Fri, 4 May 2018 01:23:48 +0000 Received: from DM2PR0501MB1358.namprd05.prod.outlook.com ([fe80::4c4e:f6e7:327b:ab54]) by DM2PR0501MB1358.namprd05.prod.outlook.com ([fe80::4c4e:f6e7:327b:ab54%5]) with mapi id 15.20.0715.012; Fri, 4 May 2018 01:23:47 +0000 From: Ken Harris To: "cygwin@cygwin.com" Subject: Re: winsup\cygwin\path.cc issues Date: Fri, 04 May 2018 01:23:00 -0000 Message-ID: x-ms-publictraffictype: Email x-microsoft-exchange-diagnostics: 1;DM2PR0501MB1310;7:684ese1aC4XG8pscpV3v/n67QW//qySXLeUVuGVwuxen4NaJh7IWNAxWB2EYLreT4/fYZodixqNs7Lx+JzlPjVWS2RIh0Aok8hcLLnv12+qDSf+SLdPKxIgpekJ73q3a745+Uvy5rEfh7VMaA2yBfWuikiVsOdmq10cPIwSlEHMOr9M49dHE+vKlOxkTJtn1Q5hGLYkhi+rIkPSmQZtOQxdYxT6pARWwmEVjPYXEQVtzx5OFt/WacvArwMxYBy3x x-ms-exchange-antispam-srfa-diagnostics: SOS; x-microsoft-antispam: UriScan:;BCL:0;PCL:0;RULEID:(7020095)(4652020)(5600026)(4534165)(4627221)(201703031133081)(201702281549075)(2017052603328)(7153060)(49563074)(7193020);SRVR:DM2PR0501MB1310; x-ms-traffictypediagnostic: DM2PR0501MB1310: x-microsoft-antispam-prvs: x-exchange-antispam-report-test: UriScan:; x-exchange-antispam-report-cfa-test: BCL:0;PCL:0;RULEID:(102415395)(6040522)(2401047)(8121501046)(5005006)(93006095)(93001095)(10201501046)(3002001)(3231254)(944501410)(52105095)(6041310)(20161123560045)(20161123564045)(20161123562045)(201703131423095)(201702281528075)(20161123555045)(201703061421075)(201703061406153)(20161123558120)(6072148)(201708071742011);SRVR:DM2PR0501MB1310;BCL:0;PCL:0;RULEID:;SRVR:DM2PR0501MB1310; x-forefront-prvs: 06628F7CA4 x-forefront-antispam-report: SFV:NSPM;SFS:(10009020)(39380400002)(366004)(39860400002)(346002)(376002)(396003)(199004)(189003)(43234003)(5660300001)(74316002)(5890100001)(55016002)(486006)(2900100001)(72206003)(7696005)(53936002)(97736004)(3280700002)(6116002)(305945005)(99286004)(14454004)(476003)(3660700001)(3846002)(2501003)(6916009)(1730700003)(66066001)(6436002)(25786009)(7736002)(86362001)(26005)(2906002)(8676002)(2351001)(106356001)(81166006)(316002)(229853002)(81156014)(68736007)(105586002)(6246003)(6506007)(59450400001)(99936001)(9686003)(33656002)(8936002)(102836004)(186003)(5250100002)(478600001)(5640700003)(53546011)(460985005);DIR:OUT;SFP:1101;SCL:1;SRVR:DM2PR0501MB1310;H:DM2PR0501MB1358.namprd05.prod.outlook.com;FPR:;SPF:None;LANG:en;PTR:InfoNoRecords;A:1;MX:1; x-microsoft-antispam-message-info: KnD54Wocnww2PMS5Z/46l8YKPFytJAiCd8swlQjRebCY+z7Vi5vQfjxh4p4uuu0kdAheNJbnp/8HoFDkZLDCodct9OaJHJOgE6sTqoOiIcNaRQaP6MGAsWW5kF7scnWWpu/eQECCTpArFjtfccPb+SDB9RwnStpCeCW46SQgbwsrrhqF7W/0nP3bQGH2msFg spamdiagnosticoutput: 1:99 spamdiagnosticmetadata: NSPM MIME-Version: 1.0 X-MS-Office365-Filtering-Correlation-Id: 45046162-02fe-4cd6-6d0b-08d5b15daf72 X-OriginatorOrg: mathworks.com X-MS-Exchange-CrossTenant-Network-Message-Id: 45046162-02fe-4cd6-6d0b-08d5b15daf72 X-MS-Exchange-CrossTenant-originalarrivaltime: 04 May 2018 01:23:47.5286 (UTC) X-MS-Exchange-CrossTenant-fromentityheader: Hosted X-MS-Exchange-CrossTenant-id: 99dd3a11-4348-4468-9bdd-e5072b1dc1e6 X-MS-Exchange-Transport-CrossTenantHeadersStamped: DM2PR0501MB1310 X-MC-Unique: LY9mTpRAOFmRUbuaKxvzhw-1 Content-Type: multipart/mixed; boundary="_002_DM2PR0501MB1358382033C52CD40E92634F8A860DM2PR0501MB1358_" X-SW-Source: 2018-05/txt/msg00061.txt.bz2 --_002_DM2PR0501MB1358382033C52CD40E92634F8A860DM2PR0501MB1358_ Content-Type: text/plain; charset=WINDOWS-1252 Content-Transfer-Encoding: quoted-printable Content-length: 2415 Hi Marco: Sorry for not replying to the original exchange we had. I w= asn't subscribed to the list but now I am so it won't happen again (so I'm = quoting our exchange below). =20=20=20=20=20=20=20=20=20=20=20=20=20=20=20=20 I installed and built cygwin1.dll with an added assert in p= ath.cc to identify when the buffer underrun condition I originally describe= d occurs: $ diff -b ./cygwin-2.10.0-1.src/newlib-cygwin/winsup/cygwin/path.cc.ORIG ./= cygwin-2.10.0-1.src/newlib-cygwin/winsup/cygwin/path.cc 2803c2803 < ; --- > assert(p >=3D path); Thus, a simple: cat '\A../../../B' will result in the assert firing: kharris@ah-kharris /usr/src $ cat '\A../../../B' assertion "p >=3D path" failed: file "../../.././winsup/cygwin/path.cc", li= ne 2803, function: int symlink_info::check(char*, const suffix_info*, fs_in= fo&, path_conv_handle&) Aborted (core dumped) Attached is a patch (in addition to the added assert) with what I *think* m= ight really fix the problem. This was where the expected backslash got squa= shed which allowed symlink_info::check() to go "negative" with its 'p' poin= ter and look for a backslash in someone else's memory. I've applied this "correction" in our MSYS2 code. I hope t= o get some flight-time with it soon (long duration, automated processing) = and if it causes unexpected problems, I'll report back on that. Otherwise, = I just hope it might be helpful to anyone who might run into similar puzzli= ng circumstances (the puzzle is when the errant 'p' pointer _doesn't_ find = a stray backslash in someone else's memory. It segv-s and _that_ was the na= sty part of the puzzle). Thanks, -Ken On 5/2/2018 3:49 PM, Ken Harris wrote: Hi: While originally investigating a sporadic failure in M= SYS2, I believe I found that its origin may actually be within Cygwin. Given the following command sequence on cygwin64 in a = CMD.EXE command prompt (on Windows 10 x64 if it matters). cd C:\Cygwin64\bin echo.exe running \"test\" logging to ../../../my.log Not clear to me what is the exact command line to replicate In addition "C:\Cygwin64\bin" is "/bin" so where do you expect /bin/../../../my.log to be ? Regards Marco --_002_DM2PR0501MB1358382033C52CD40E92634F8A860DM2PR0501MB1358_ Content-Type: application/octet-stream; name="path.cc.patch" Content-Description: path.cc.patch Content-Disposition: attachment; filename="path.cc.patch"; size=1745; creation-date="Fri, 04 May 2018 01:22:13 GMT"; modification-date="Fri, 04 May 2018 00:20:54 GMT" Content-Transfer-Encoding: base64 Content-length: 2367 LS0tIC4vY3lnd2luLTIuMTAuMC0xLnNyYy9uZXdsaWItY3lnd2luL3dpbnN1 cC9jeWd3aW4vcGF0aC5jYy5PUklHCTIwMTgtMDUtMDMgMTk6NDM6MDAuNDgy NDcyMTAwIC0wNDAwCisrKyAuL2N5Z3dpbi0yLjEwLjAtMS5zcmMvbmV3bGli LWN5Z3dpbi93aW5zdXAvY3lnd2luL3BhdGguY2MJMjAxOC0wNS0wMyAyMDow OTo0NC4wMzU2MzA3MDAgLTA0MDAKQEAgLTEzNDIsNiArMTM0Miw3IEBACiBp bnQKIG5vcm1hbGl6ZV93aW4zMl9wYXRoIChjb25zdCBjaGFyICpzcmMsIGNo YXIgKmRzdCwgY2hhciAqJnRhaWwpCiB7CisgIGludCBkcnZwcmVmaXhsZW4g PSAwOwogICBjb25zdCBjaGFyICpzcmNfc3RhcnQgPSBzcmM7CiAgIGJvb2wg YmVnX3NyY19zbGFzaCA9IGlzZGlyc2VwIChzcmNbMF0pOwogCkBAIC0xMzg1 LDkgKzEzODYsMTAgQEAKIAkqdGFpbCsrID0gY3lnX3RvdXBwZXIgKCpzcmMr Kyk7CiAgICAgICBlbHNlIGlmICgqc3JjICE9ICcvJykKIAl7Ci0JICBpZiAo YmVnX3NyY19zbGFzaCkKLQkgICAgdGFpbCArPSBjeWdoZWFwLT5jd2QuZ2V0 X2RyaXZlIChkc3QpOwotCSAgZWxzZSBpZiAoIWN5Z2hlYXAtPmN3ZC5nZXQg KGRzdCwgMCkpCisJICBpZiAoYmVnX3NyY19zbGFzaCkgeworCSAgICBkcnZw cmVmaXhsZW4gPSBjeWdoZWFwLT5jd2QuZ2V0X2RyaXZlIChkc3QpOworCSAg ICB0YWlsICs9IGRydnByZWZpeGxlbjsKKwkgIH0gZWxzZSBpZiAoIWN5Z2hl YXAtPmN3ZC5nZXQgKGRzdCwgMCkpCiAJICAgIHJldHVybiBnZXRfZXJybm8g KCk7CiAJICBlbHNlCiAJICAgIHsKQEAgLTE0MjMsMTAgKzE0MjUsMTAgQEAK IAkgIGVsc2UKIAkgICAgewogCSAgICAgIC8qIEJhY2sgdXAgb3ZlciAvLCBi dXQgbm90IGlmIGl0J3MgdGhlIGZpcnN0IG9uZS4gICovCi0JICAgICAgaWYg KHRhaWwgPiBkc3QgKyAxKQorCSAgICAgIGlmICh0YWlsID4gZHN0ICsgMSAr IGRydnByZWZpeGxlbikKIAkJdGFpbC0tOwogCSAgICAgIC8qIE5vdyBiYWNr IHVwIHRvIHRoZSBuZXh0IC8uICAqLwotCSAgICAgIHdoaWxlICh0YWlsID4g ZHN0ICsgMSAmJiB0YWlsWy0xXSAhPSAnXFwnICYmIHRhaWxbLTJdICE9ICc6 JykKKwkgICAgICB3aGlsZSAodGFpbCA+IGRzdCArIDEgKyBkcnZwcmVmaXhs ZW4gJiYgdGFpbFstMV0gIT0gJ1xcJyAmJiB0YWlsWy0yXSAhPSAnOicpCiAJ CXRhaWwtLTsKIAkgICAgICBzcmMgKz0gMjsKIAkgICAgICAvKiBTa2lwIC8n cyB0byB0aGUgbmV4dCBwYXRoIGNvbXBvbmVudC4gKi8KQEAgLTE0NDYsNyAr MTQ0OCw3IEBACiAgICAgICBpZiAoKHRhaWwgLSBkc3QpID49IE5UX01BWF9Q QVRIKQogCXJldHVybiBFTkFNRVRPT0xPTkc7CiAgICAgfQotICBpZiAodGFp bCA+IGRzdCArIDEgJiYgdGFpbFstMV0gPT0gJy4nICYmIHRhaWxbLTJdID09 ICdcXCcpCisgIGlmICh0YWlsID4gZHN0ICsgMSArIGRydnByZWZpeGxlbiAm JiB0YWlsWy0xXSA9PSAnLicgJiYgdGFpbFstMl0gPT0gJ1xcJykKICAgICB0 YWlsLS07CiAgICp0YWlsID0gJ1wwJzsKICAgZGVidWdfcHJpbnRmICgiJXMg PSBub3JtYWxpemVfd2luMzJfcGF0aCAoJXMpIiwgZHN0LCBzcmNfc3RhcnQp OwpAQCAtMjgwMCw3ICsyODAyLDcgQEAKIAkgICAgICBpZiAoKnAgIT0gJy4n ICYmICpwICE9ICcgJykKIAkJewogCQkgIHdoaWxlICgqLS1wICE9ICdcXCcp Ci0JCSAgICA7CisJCSAgICBhc3NlcnQocCA+PSBwYXRoKTsKIAkJICBpZiAo KisrcCAhPSAnICcpCiAJCSAgICBwID0gTlVMTDsKIAkJfQo= --_002_DM2PR0501MB1358382033C52CD40E92634F8A860DM2PR0501MB1358_ Content-Type: text/plain; charset=us-ascii Content-length: 219 -- Problem reports: http://cygwin.com/problems.html FAQ: http://cygwin.com/faq/ Documentation: http://cygwin.com/docs.html Unsubscribe info: http://cygwin.com/ml/#unsubscribe-simple --_002_DM2PR0501MB1358382033C52CD40E92634F8A860DM2PR0501MB1358_--