[PATCH 0/4] a couple of fixes to programs/cmd
Eric Pouech
eric.pouech at gmail.com
Wed Jan 5 08:55:19 CST 2022
I thought fixing bug #51599 would be quick and simple...
Fixing was quick, but I shouldn't have tried to run the non regression
tests... which opened a can of worms <g>
patch #2 fixes some error cases on input handling
the can of worms:
it happens that I have a single symlinks in my (not pristine) prefix
(well a very very simple one: Z: -> /)
cmd.exe (and attrib.exe) **NEVER** test for buffer overflow when recursing
inside the directory tree structure
(I haven't checked the other utilities yet)
I tested native behavior: depth-recursion stops around MAX_PATH length...
while breadth-recursion continues; and there's no detection about DAG or
entering twice the same directory
so patches #3 and #4 are about not recursing when buffer would overflow in
attrib.exe and cmd.exe
Notes:
- not all the places (in cmd) have been fixed by those patches for buffer
overflow
- there are some places that take care of allocating larger buffers than
MAX_PATH, hence preventing the recursion to stop as native does
- with those patches, I still can't successfully run the cmd regression
test with the symlink in place
(maybe I need to be more patient than one hour :-(
- regression tests pass on a pristine prefix though
A+
---
Eric Pouech (4):
programs/cmd: handle white space only lines within ( ) block
programs/cmd: handle read errors in WCMD_ask_confirm
programs/attrib: don't overflow internal path buffers
programs/cmd: don't overflow internal path buffers
programs/attrib/attrib.c | 10 ++++++----
programs/cmd/builtins.c | 25 ++++++++++++++++++-------
programs/cmd/directory.c | 1 +
programs/cmd/wcmdmain.c | 8 ++++++--
4 files changed, 31 insertions(+), 13 deletions(-)
More information about the wine-devel
mailing list