Hello everyone,

It is about the buffer allocated in check_dir_not_empty.

The pointer pfni gets allocated the buffer at the begin,
and is used in the NtQueryDirectoryFile call before the loops.
In the loop the pointer pfni is also used as iterator.
Therefore it no longer holds the initial buffer at the call
to NtQueryDirectoryFile in the while condition at the bottom.

Attached is a possible modification to always use the allocated buffer.

Kind regards,
Bernhard
From 667a8d525879ed1d1ae85cfa81ea356638bd4bd4 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Bernhard=20=C3=9Cbelacker?= <bernha...@mailbox.org>
Date: Sat, 16 Nov 2024 18:09:50 +0100
Subject: Cygwin: check_dir_not_empty: Avoid leaving the allocated buffer.
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

The pointer pfni gets allocated the buffer at the begin,
and is used in the NtQueryDirectoryFile call before the loops.
In the loop the pointer pfni is also used as iterator.
Therefore it no longer holds the initial buffer at the call
to NtQueryDirectoryFile in the while condition at the bottom.

Signed-off-by: Bernhard Übelacker <bernha...@mailbox.org>
---
 winsup/cygwin/syscalls.cc | 14 ++++++++------
 1 file changed, 8 insertions(+), 6 deletions(-)

diff --git a/winsup/cygwin/syscalls.cc b/winsup/cygwin/syscalls.cc
index df7d3a14e..a19879ab2 100644
--- a/winsup/cygwin/syscalls.cc
+++ b/winsup/cygwin/syscalls.cc
@@ -619,6 +619,7 @@ check_dir_not_empty (HANDLE dir, path_conv &pc)
 		       + 3 * NAME_MAX * sizeof (WCHAR);
   PFILE_NAMES_INFORMATION pfni = (PFILE_NAMES_INFORMATION)
 				 alloca (bufsiz);
+  PFILE_NAMES_INFORMATION pfni_it;
   NTSTATUS status = NtQueryDirectoryFile (dir, NULL, NULL, 0, &io, pfni,
 					  bufsiz, FileNamesInformation,
 					  FALSE, NULL, TRUE);
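Review bot: The added `pfni_it` declaration carries no initializer and no comment saying why a second pointer now sits beside `pfni`, so a later reader may fold the two back together and reintroduce the stale-buffer problem this patch removes. A one-line comment at the declaration would record the intent: `PFILE_NAMES_INFORMATION pfni_it;	/* walk cursor; pfni must stay at the buffer start for the re-query in the while condition */`. Initializing it to `pfni` here would also keep it defined on every path, although the later hunk assigns it at the top of the do-loop before its first read. check_dir_not_empty's signature and the computation of bufsiz lie before this hunk.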
@@ -631,7 +632,8 @@ check_dir_not_empty (HANDLE dir, path_conv &pc)
   int cnt = 1;
   do
     {
-      while (pfni->NextEntryOffset)
+      pfni_it = pfni;
+      while (pfni_it->NextEntryOffset)
 	{
 	  if (++cnt > 2)
 	    {
@@ -639,10 +641,10 @@ check_dir_not_empty (HANDLE dir, path_conv &pc)
 	      OBJECT_ATTRIBUTES attr;
 	      FILE_BASIC_INFORMATION fbi;
 
-	      pfni = (PFILE_NAMES_INFORMATION)
-		     ((caddr_t) pfni + pfni->NextEntryOffset);
-	      RtlInitCountedUnicodeString(&fname, pfni->FileName,
-					  pfni->FileNameLength);
+	      pfni_it = (PFILE_NAMES_INFORMATION)
+			((caddr_t) pfni_it + pfni_it->NextEntryOffset);
+	      RtlInitCountedUnicodeString(&fname, pfni_it->FileName,
+					  pfni_it->FileNameLength);
 	      InitializeObjectAttributes (&attr, &fname, 0, dir, NULL);
 	      status = NtQueryAttributesFile (&attr, &fbi);
 	      /* Intensive testing shows that sometimes directories, for which
@@ -674,7 +676,7 @@ check_dir_not_empty (HANDLE dir, path_conv &pc)
 		  return STATUS_DIRECTORY_NOT_EMPTY;
 		}
 	    }
-	  pfni = (PFILE_NAMES_INFORMATION) ((caddr_t) pfni + pfni->NextEntryOffset);
+	  pfni_it = (PFILE_NAMES_INFORMATION) ((caddr_t) pfni_it + pfni_it->NextEntryOffset);
 	}
     }
   while (NT_SUCCESS (NtQueryDirectoryFile (dir, NULL, NULL, 0, &io, pfni,
-- 
2.39.2
