This is the mail archive of the cygwin mailing list for the Cygwin project.

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

Re: snapshot 05/05: ssh segmentation fault within screen

On 05/06/2014 10:39 AM, Corinna Vinschen wrote:

> The problem, which I totally not realized since I started implementing
> this stuff is, that by propagating this cache to child processes, said
> child processes suffer from what the parent process does to the passwd
> structures in the cache.
> Screen seems to call getpwuid and then sets some of the pointers in the
> passwd structure it got from the call to NULL, apparently for some sort
> of security, this way overwriting the cached passwd struct for the

Bug in screen.  POSIX states:

The application shall not modify the structure to which the return value
points, nor any storage areas pointed to by pointers within the
structure. The returned pointer, and pointers within the structure,
might be invalidated or the structure or the storage areas might be
overwritten by a subsequent call to getpwent(), getpwnam(), or getpwuid().

> current user.  Ssh on the other hand tries to copy the passwd structure,
> but it never checks for NULL pointers because, well, the passwd
> structure never contains NULL pointers.
> This annihilates every advantage the cygheap caching has.

Caching still sounds correct, let's fix the bug in screen instead of
bloating cygwin to work around it.  Or maybe find a way to cause a SEGV
in any process that tries to write into the pointer returned by getpwuid
and friends, to help them realize their bug, rather than the current
state of propagating the broken memory to other processes.  Maybe you
just memcpy the result out of the cache into local memory, instead of
returning a pointer into the actual cygheap cache.

Eric Blake   eblake redhat com    +1-919-301-3266
Libvirt virtualization library

Attachment: signature.asc
Description: OpenPGP digital signature

Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]