Hi Ken,
On Sep 8 12:50, Ken Brown via Cygwin-patches wrote:
> The incoming path is allowed to have the form "$PID/fd/[0-9]*/.*"
> provided the descriptor symlink points to a directory. Check that
> this is indeed the case.
> ---
> winsup/cygwin/fhandler_process.cc | 15 +++
> 1 file changed, 15 insertions(+)
>
> diff --git a/winsup/cygwin/fhandler_process.cc
> b/winsup/cygwin/fhandler_process.cc
> index a6c358217..888604e3d 100644
> --- a/winsup/cygwin/fhandler_process.cc
> +++ b/winsup/cygwin/fhandler_process.cc
> @@ -398,6 +398,21 @@ format_process_fd (void *data, char *)
> *((process_fd_t *) data)->fd_type = virt_fdsymlink;
>else /* trailing path */
> {
> + /* Does the descriptor link point to a directory? */
> + bool dir;
> + if (*destbuf != '/') /* e.g., "pipe:[" or "socket:[" */
> + dir = false;
> + else
> + {
> + path_conv pc (destbuf);
> + dir = pc.isdir ();
> + }
> + if (!dir)
> + {
> + set_errno (ENOTDIR);
> + cfree (destbuf);
> + return -1;
> + }
> char *newbuf = (char *) cmalloc_abort (HEAP_STR, strlen (destbuf)
> + strlen (e) + 1);
> stpcpy (stpcpy (newbuf, destbuf), e);
> --
> 2.28.0
Huh, I'd never realized this check is missing. I was just puzzeling
over your patch, searching for the directory check, but yeah, there is
none. Please push.
Thanks,
Corinna
