* pinfo.h (winpids::pid_access): New element.

(winpids::winpids): Rejigger to set pinfo_access. * pinfo.cc (winpids::add): Try to open shared memory region with supplied pinfo_access first, then default to readonly. * fhandler_termios.cc (tty_min::kill_pgrp): When getting list of pids to work with, suggest opening with PID_MAP_RW. * signal.cc (kill_pgrp): Ditto. * sigproc.cc (sig_send): Perform a write check on todo prior to attempting to increment it. Return EACCES if we can't write to it.
2025-01-18 20:39:33 +08:00 · 2003-09-17 01:15:56 +00:00 · 2003-09-17 01:15:56 +00:00 · deb648cc8b
commit deb648cc8b
parent 1498189ca8
7 changed files with 53 additions and 20 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,15 @@
+2003-09-16  Christopher Faylor  <cgf@redhat.com>
+
+	* pinfo.h (winpids::pid_access): New element.
+	(winpids::winpids): Rejigger to set pinfo_access.
+	* pinfo.cc (winpids::add): Try to open shared memory region with
+	supplied pinfo_access first, then default to readonly.
+	* fhandler_termios.cc (tty_min::kill_pgrp): When getting list of pids
+	to work with, suggest opening with PID_MAP_RW.
+	* signal.cc (kill_pgrp): Ditto.
+	* sigproc.cc (sig_send): Perform a write check on todo prior to
+	attempting to increment it.  Return EACCES if we can't write to it.
+
 2003-09-16  Corinna Vinschen  <corinna@vinschen.de>

 	* cygheap.cc (cygheap_user::set_saved_sid): Rename from set_orig_sid.
--- a/winsup/cygwin/fhandler_termios.cc
+++ b/winsup/cygwin/fhandler_termios.cc
@ -19,6 +19,7 @@ details. */
 #include "sigproc.h"
 #include "pinfo.h"
 #include "tty.h"
+#include "sys/cygwin.h"

 /* Common functions shared by tty/console */

@ -84,7 +85,7 @@ void
 tty_min::kill_pgrp (int sig)
 {
  int killself = 0;
-  winpids pids;
+  winpids pids ((DWORD) PID_MAP_RW);
  for (unsigned i = 0; i < pids.npids; i++)
    {
      _pinfo *p = pids[i];
--- a/winsup/cygwin/include/sys/cygwin.h
+++ b/winsup/cygwin/include/sys/cygwin.h
@ -49,7 +49,7 @@ struct __cygwin_perfile

 /* External interface stuff */

-typedef enum
+typedef
  {
    CW_LOCK_PINFO,
    CW_UNLOCK_PINFO,
--- a/winsup/cygwin/pinfo.cc
+++ b/winsup/cygwin/pinfo.cc
@ -541,12 +541,20 @@ winpids::add (DWORD& nelem, bool winpid, DWORD pid)
      pinfolist = (pinfo *) realloc (pinfolist, size_pinfolist (npidlist + 1));
    }

-  pinfolist[nelem].init (cygpid, PID_NOREDIR | (winpid ? PID_ALLPIDS : 0));
+  pinfolist[nelem].init (cygpid, PID_NOREDIR | (winpid ? PID_ALLPIDS : 0)
+			 | pinfo_access);
  if (winpid)
-    /* nothing to do */;
-  else if (!pinfolist[nelem])
+    goto out;
+
+  if (!pinfolist[nelem])
+    {
+      if (!pinfo_access)
 	return;
-  else
+      pinfolist[nelem].init (cygpid, PID_NOREDIR | (winpid ? PID_ALLPIDS : 0));
+      if (!pinfolist[nelem])
+	return;
+      }
+
  /* Scan list of previously recorded pids to make sure that this pid hasn't
     shown up before.  This can happen when a process execs. */
  for (unsigned i = 0; i < nelem; i++)
@ -557,6 +565,7 @@ winpids::add (DWORD& nelem, bool winpid, DWORD pid)
 	return;
      }

+out:
  pidlist[nelem++] = pid;
 }

--- a/winsup/cygwin/pinfo.h
+++ b/winsup/cygwin/pinfo.h
@ -197,6 +197,7 @@ class winpids
  DWORD *pidlist;
  DWORD npidlist;
  pinfo *pinfolist;
+  DWORD pinfo_access;		// access type for pinfo open
  DWORD (winpids::* enum_processes) (bool winpid);
  DWORD enum_init (bool winpid);
  DWORD enumNT (bool winpid);
@ -207,9 +208,14 @@ public:
  DWORD npids;
  inline void reset () { npids = 0; release (); }
  void set (bool winpid);
-  winpids (int): enum_processes (&winpids::enum_init) { reset (); }
-  winpids (): pidlist (NULL), npidlist (0), pinfolist (NULL),
-	      enum_processes (&winpids::enum_init), npids (0) { set (0); }
+  winpids (int): pinfo_access (0), enum_processes (&winpids::enum_init)
+    { reset (); }
+  winpids (DWORD acc = 0): pidlist (NULL), npidlist (0), pinfolist (NULL),
+  			   enum_processes (&winpids::enum_init), npids (0)
+  {
+    pinfo_access = acc;
+    set (0);
+  }
  inline DWORD& winpid (int i) const {return pidlist[i];}
  inline _pinfo *operator [] (int i) const {return (_pinfo *) pinfolist[i];}
  ~winpids ();
--- a/winsup/cygwin/signal.cc
+++ b/winsup/cygwin/signal.cc
@ -247,7 +247,7 @@ kill_pgrp (pid_t pid, int sig)

  sigproc_printf ("pid %d, signal %d", pid, sig);

-  winpids pids;
+  winpids pids ((DWORD) PID_MAP_RW);
  for (unsigned i = 0; i < pids.npids; i++)
    {
      _pinfo *p = pids[i];
--- a/winsup/cygwin/sigproc.cc
+++ b/winsup/cygwin/sigproc.cc
@ -725,6 +725,11 @@ sig_send (_pinfo *p, int sig, DWORD ebp, bool exception)
  else if ((thiscatch = getevent (p, "sigcatch")))
    {
      todo = p->getsigtodo (sig);
+      if (IsBadWritePtr (todo, sizeof (*todo)))
+	{
+	  set_errno (EACCES);
+	  goto out;
+	}
      issem = false;
    }
  else