mirror of git://sourceware.org/git/newlib-cygwin.git synced 2025-02-08 18:19:08 +08:00

Cygwin: check_dir_not_empty: Avoid leaving the allocated buffer.

The pointer pfni is assigned the allocated buffer at the beginning,
and is used in the NtQueryDirectoryFile call before the loops.
In the loop the pointer pfni is also used as an iterator.
Therefore it no longer holds the initial buffer at the call
to NtQueryDirectoryFile in the while condition at the bottom.

Fixes: 28fa2a72f8106 ("* syscalls.cc (check_dir_not_empty): Check surplus directory entries")
Co-authored-by: Corinna Vinschen <corinna@vinschen.de>
Signed-off-by: Bernhard Übelacker <bernhardu@mailbox.org>
(cherry picked from commit dbb8069df56cb68ea1167b3bc0ceb66fa6c35d3f)
Bernhard Übelacker 2024-11-16 18:09:50 +01:00 committed by Corinna Vinschen
parent b9060e06a6
commit 22474a6e5d
2 changed files with 9 additions and 4 deletions


@ -33,3 +33,6 @@ Fixes:
- Fix type of pthread_sigqueue() first parameter to match Linux.
Addresses: https://cygwin.com/pipermail/cygwin/2024-September/256439.html
- Fix potential stack corruption in rmdir() in a border case.
Addresses: https://cygwin.com/pipermail/cygwin/2024-November/256774.html


@ -617,9 +617,10 @@ check_dir_not_empty (HANDLE dir, path_conv &pc)
IO_STATUS_BLOCK io;
const ULONG bufsiz = 3 * sizeof (FILE_NAMES_INFORMATION)
+ 3 * NAME_MAX * sizeof (WCHAR);
PFILE_NAMES_INFORMATION pfni = (PFILE_NAMES_INFORMATION)
PFILE_NAMES_INFORMATION pfni_buf = (PFILE_NAMES_INFORMATION)
alloca (bufsiz);
NTSTATUS status = NtQueryDirectoryFile (dir, NULL, NULL, 0, &io, pfni,
PFILE_NAMES_INFORMATION pfni;
NTSTATUS status = NtQueryDirectoryFile (dir, NULL, NULL, 0, &io, pfni_buf,
bufsiz, FileNamesInformation,
FALSE, NULL, TRUE);
if (!NT_SUCCESS (status))
@ -631,6 +632,7 @@ check_dir_not_empty (HANDLE dir, path_conv &pc)
int cnt = 1;
do
{
pfni = pfni_buf;
while (pfni->NextEntryOffset)
{
if (++cnt > 2)
@ -677,7 +679,7 @@ check_dir_not_empty (HANDLE dir, path_conv &pc)
pfni = (PFILE_NAMES_INFORMATION) ((caddr_t) pfni + pfni->NextEntryOffset);
}
}
while (NT_SUCCESS (NtQueryDirectoryFile (dir, NULL, NULL, 0, &io, pfni,
while (NT_SUCCESS (NtQueryDirectoryFile (dir, NULL, NULL, 0, &io, pfni_buf,
bufsiz, FileNamesInformation,
FALSE, NULL, FALSE)));
return STATUS_SUCCESS;
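Review bot: The new declarations in the first hunk do not stop a later edit from reintroducing this mix-up, because `pfni_buf` is still a mutable pointer and `pfni` is declared uninitialized at function scope, well before its first assignment in the `do` body. Passing an advanced pointer together with the full `bufsiz` lets the query write past the end of the `alloca` region, so the base/iterator split is worth enforcing in the code. I would declare the base as `const PFILE_NAMES_INFORMATION pfni_buf = (PFILE_NAMES_INFORMATION) alloca (bufsiz);` and move the iterator into the loop as `PFILE_NAMES_INFORMATION pfni = pfni_buf;` at the top of the `do` body. A one-line comment such as `/* pfni_buf always addresses the start of the buffer; only pfni is advanced. */` would record the invariant. The lines between the hunks are not visible here, so this assumes `pfni` is not read between the first query and the loop.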