[PATCH] Buffer over-run fix for getusershell(3)

Corinna Vinschen corinna-cygwin@cygwin.com
Mon May 19 08:31:00 GMT 2014

On May 18 20:12, David Stacey wrote:
> This is the first patch resulting from the Coverity Scan analysis of the
> Cygwin source code. The patch fixes Coverity ID 59932. Note that we don't
> have that many bugs in the Cygwin source code - that's just an ID that
> Coverity assigned to this issue. The patch is only a single line, so it
> falls into our definition of 'trivial'.
>
> getusershell(3) returns the next line from the '/etc/shells' file [1]. This
> contains a path to an executable, so it makes sense for 'buf' to contain
> PATH_MAX characters.
>
> Now, the definition of PATH_MAX is the maximum length of the path, including
> the null terminator [2]. So the for() loop should copy PATH_MAX-1
> characters, in order to allow for the null terminator.
>
> However, by copying PATH_MAX characters, there is a possible buffer over-run
> when the null terminator is applied. The patch (attached) corrects this.
>
> Change Log:
>
> 2014-05-18  David Stacey  <...>
>         * winsup/cygwin/syscalls.cc(getusershell) :
>         Fixed theoretical buffer overrun of 'buf' that would occur if
>         /etc/shells contained a line longer than 4095 characters.

Thanks, patch applied.  Just your ChangeLog needs a bit of work.  The
Cygwin dir has its own ChangeLog file so the path should be relative to

	* syscalls.cc (getusershell): ...


Corinna Vinschen                  Please, send mails regarding Cygwin to
Cygwin Maintainer                 cygwin AT cygwin DOT com
Red Hat
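
The off-by-one described in the quoted message, as an added example that is not part of this thread and is not Cygwin's code: a line-copy loop run with the bound set to the buffer size and then to the buffer size minus one, over a buffer followed by guard bytes so the stray terminator write is observable. `copy_line`, `guard_clobbered`, `CAP` (a small stand-in for PATH_MAX) and `GUARD` are hypothetical names, and the sample lines are constructed.

```c
#include <stdio.h>
#include <string.h>

#define CAP   16      /* assumption: small stand-in for PATH_MAX */
#define GUARD 0xAA    /* canary value filling the bytes after the buffer */

/* Copy one line from *src into dst, stopping at '\n', end of input, or
   after `limit` characters, then NUL-terminate.  Returns the number of
   bytes written, terminator included.  `limit` is the only thing that
   differs between the over-running and the corrected variant. */
static size_t copy_line(const char **src, char *dst, size_t limit)
{
    size_t n = 0;
    while (n < limit && **src != '\0' && **src != '\n')
        dst[n++] = *(*src)++;
    dst[n] = '\0';            /* lands at dst[limit] when the line is long */
    if (**src == '\n')
        (*src)++;             /* step over the newline for the next call */
    return n + 1;
}

/* Run copy_line into a CAP-byte buffer that is followed, inside the same
   array, by guard bytes.  Returns 1 if the byte just past the buffer was
   overwritten, 0 if it is intact. */
static int guard_clobbered(const char *line, size_t limit)
{
    unsigned char arena[CAP + 8];
    memset(arena, GUARD, sizeof arena);
    copy_line(&line, (char *)arena, limit);
    return arena[CAP] != GUARD;
}

int main(void)
{
    const char *long_line  = "/usr/local/bin/a-very-long-shell-name\n"; /* constructed */
    const char *short_line = "/bin/sh\n";                               /* constructed */

    printf("limit=CAP,   long line:  clobbered=%d\n", guard_clobbered(long_line, CAP));
    printf("limit=CAP-1, long line:  clobbered=%d\n", guard_clobbered(long_line, CAP - 1));
    printf("limit=CAP,   short line: clobbered=%d\n", guard_clobbered(short_line, CAP));
    return 0;
}
```

The over-run only shows up for lines of at least `CAP` characters, which is why a normal /etc/shells never triggers it and a static analyser is what found it.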