Heads up: *possible* bug in cygwin

Christopher Faylor cgf@redhat.com
Wed Jan 1 17:06:00 GMT 2003


On Wed, Jan 01, 2003 at 10:05:10AM +0000, Steven O'Brien wrote:
>Hi
>I found a possible glib buffer overflow that is cygwin-specific (due to
>a bug in cygwin perhaps?) that I worked around when porting glib-1.2.10
>to cygwin. Maybe this is still a problem in glib-2.0.x
>
>In glib-1.2.10, gutils.c: g_get_any_init (void), the current user
>details are obtained from /etc/passwd. This code is called as part of
>glib initialisation, whether the app wants this data or not. It uses
>sysconf (_SC_GETPW_R_SIZE_MAX) to decide how much buffer to allocate for
>this data. But on cygwin this appears broken, and the call to getpwuid_r
>(getuid (), &pwd, buffer, bufsize, &pw) *may* overrun buffer, depending
>on the length of the line in /etc/passwd for the current user.

It's not broken.  It is not implemented.  If glib is incorrectly dealing
with a negative return from sysconf then, um, hmm...

cgf

--
Unsubscribe info:      http://cygwin.com/ml/#unsubscribe-simple
Bug reporting:         http://cygwin.com/bugs.html
Documentation:         http://cygwin.com/docs.html
FAQ:                   http://cygwin.com/faq/



More information about the Cygwin mailing list