Cygwin: check_dir_not_empty: Avoid leaving the allocated buffer.
The pointer pfni gets allocated the buffer at the beginning,
and is used in the NtQueryDirectoryFile call before the loops.
In the loop the pointer pfni is also used as iterator.
Therefore it no longer holds the initial buffer at the call
to NtQueryDirectoryFile in the while condition at the bottom.

Fixes: 28fa2a7 ("* syscalls.cc (check_dir_not_empty): Check surplus directory entries")
Co-authored-by: Corinna Vinschen <[email protected]>
Signed-off-by: Bernhard Übelacker <[email protected]>
bernhardu and github-cygwin committed Nov 19, 2024
1 parent 9da0ac4 commit dbb8069
Showing 2 changed files with 9 additions and 4 deletions.
3 changes: 3 additions & 0 deletions winsup/cygwin/release/3.5.5
Expand Up @@ -33,3 +33,6 @@ Fixes:

- Fix type of pthread_sigqueue() first parameter to match Linux.
Addresses: https://cygwin.com/pipermail/cygwin/2024-September/256439.html

- Fix potential stack corruption in rmdir() in a border case.
Addresses: https://cygwin.com/pipermail/cygwin/2024-November/256774.html
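Review bot: "in a border case" in the new rmdir() entry does not let a user judge whether they are affected. The code change shows what the case is: the emptiness check reaches its second NtQueryDirectoryFile call after the iterator has already been advanced into the buffer. Naming that condition in the entry, for example "when the directory listing needs more than one query", would make the note actionable.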
10 changes: 6 additions & 4 deletions winsup/cygwin/syscalls.cc
Expand Up @@ -617,9 +617,10 @@ check_dir_not_empty (HANDLE dir, path_conv &pc)
IO_STATUS_BLOCK io;
const ULONG bufsiz = 3 * sizeof (FILE_NAMES_INFORMATION)
+ 3 * NAME_MAX * sizeof (WCHAR);
PFILE_NAMES_INFORMATION pfni = (PFILE_NAMES_INFORMATION)
alloca (bufsiz);
NTSTATUS status = NtQueryDirectoryFile (dir, NULL, NULL, 0, &io, pfni,
PFILE_NAMES_INFORMATION pfni_buf = (PFILE_NAMES_INFORMATION)
alloca (bufsiz);
PFILE_NAMES_INFORMATION pfni;
NTSTATUS status = NtQueryDirectoryFile (dir, NULL, NULL, 0, &io, pfni_buf,
bufsiz, FileNamesInformation,
FALSE, NULL, TRUE);
if (!NT_SUCCESS (status))
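Review bot: `PFILE_NAMES_INFORMATION pfni;` is now declared at function scope without an initializer, and nothing in this hunk assigns it before the `if (!NT_SUCCESS (status))` check. Since it is only an iterator over pfni_buf, consider declaring it where it gets its value at the top of the do loop (`PFILE_NAMES_INFORMATION pfni = pfni_buf;`), so no path can read it uninitialized and it cannot be handed to NtQueryDirectoryFile as a buffer again by mistake.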
Expand All @@ -631,6 +632,7 @@ check_dir_not_empty (HANDLE dir, path_conv &pc)
int cnt = 1;
do
{
pfni = pfni_buf;
while (pfni->NextEntryOffset)
{
if (++cnt > 2)
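Review bot: the `pfni = pfni_buf;` reset at the top of the do body carries the whole fix, but it has no comment. A one-line remark that every NtQueryDirectoryFile call refills pfni_buf from its start, so the iterator has to restart there on each round, would keep a later cleanup from hoisting the assignment out of the loop and reintroducing the stale pointer.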
Expand Down Expand Up @@ -677,7 +679,7 @@ check_dir_not_empty (HANDLE dir, path_conv &pc)
pfni = (PFILE_NAMES_INFORMATION) ((caddr_t) pfni + pfni->NextEntryOffset);
}
}
while (NT_SUCCESS (NtQueryDirectoryFile (dir, NULL, NULL, 0, &io, pfni,
while (NT_SUCCESS (NtQueryDirectoryFile (dir, NULL, NULL, 0, &io, pfni_buf,
bufsiz, FileNamesInformation,
FALSE, NULL, FALSE)));
return STATUS_SUCCESS;
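Review bot: the loop condition after the closing brace discards the NTSTATUS of the refill query, so every failure ends the loop and falls through to `return STATUS_SUCCESS;`. That predates this change, but since the call is being touched here it is worth storing the result in the existing `status` variable and returning it when it is anything other than the end-of-listing status (STATUS_NO_MORE_FILES), so that an I/O or access error is not reported as success.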