This is the mail archive of the cygwin-patches mailing list for the Cygwin project.

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]
Other format:	[Raw text]

[PATCH] cygwin: fix potential buffer overflow in fork

From: Michael Haubenwallner <michael dot haubenwallner at ssi-schaefer dot com>
To: cygwin-patches at cygwin dot com
Cc: Michael Haubenwallner <michael dot haubenwallner at ssi-schaefer dot com>
Date: Mon, 9 Oct 2017 18:58:24 +0200
Subject: [PATCH] cygwin: fix potential buffer overflow in fork
Authentication-results: sourceware.org; auth=none

When fork fails, we can use "%s" now with system_sprintf for the errmsg
rather than a (potentially too small) buffer for the format string.

* fork.cc (fork): Use "%s" with system_printf now.
---
 winsup/cygwin/fork.cc | 9 ++-------
 1 file changed, 2 insertions(+), 7 deletions(-)

diff --git a/winsup/cygwin/fork.cc b/winsup/cygwin/fork.cc
index 73a72f530..bcbef12d8 100644
--- a/winsup/cygwin/fork.cc
+++ b/winsup/cygwin/fork.cc
@@ -618,13 +618,8 @@ fork ()
       if (!grouped.errmsg)
 	syscall_printf ("fork failed - child pid %d, errno %d", grouped.child_pid, grouped.this_errno);
       else
-	{
-	  char buf[strlen (grouped.errmsg) + sizeof ("child %d - , errno 4294967295  ")];
-	  strcpy (buf, "child %d - ");
-	  strcat (buf, grouped.errmsg);
-	  strcat (buf, ", errno %d");
-	  system_printf (buf, grouped.child_pid, grouped.this_errno);
-	}
+	system_printf ("child %d - %s, errno %d", grouped.child_pid,
+		       grouped.errmsg, grouped.this_errno);
 
       set_errno (grouped.this_errno);
     }
-- 
2.14.2

Follow-Ups:
- Re: [PATCH] cygwin: fix potential buffer overflow in fork
  - From: Corinna Vinschen

Index Nav:	[Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav:	[Date Prev] [Date Next]	[Thread Prev] [Thread Next]