Cygwin main function: vulnerable to wchar_t to char conversion attacks or not?
Andrey Repin
anrdaemon@yandex.ru
Fri Jan 10 07:33:07 GMT 2025
Greetings, Kaz Kylheku!
> Hi all,
> I'm reading an article on attacks that are evidently possible against some Windows
> programs in the area of command line parsing. See below.
> Does the Cygwin run-time rely on GetCommandLineA to get the char-based command
> line that is parsed into argv[]?
You can answer this question yourself. The code is open.
> If so, it could be vulnerable to attacks which embed Unicode quotes into the
> command line, which GetCommandLineA normalizes to ASCII double quotes.
> A program which prepares a command line will assiduously escape any double
> quotes occurring in the arguments. But if fullwidth Unicode double quotes
> occur in the arguments, they will be passed through verbatim, and then
> turn into unescaped ASCII double quotes.
> Article:
> https://blog.orange.tw/posts/2025-01-worstfit-unveiling-hidden-transformers-in-windows-ansi/
--
With best regards,
Andrey Repin
Friday, January 10, 2025 10:32:40
Sorry for my terrible english...
More information about the Cygwin
mailing list