Cygwin: fix quoting when starting invisible console process

fhandler_console::create_invisible_console_workaround() does not use the
lpApplicationName parameter and neglects to quote its command name on
lpCommandLine in the call to CreateProcessW.

Given CreateProcessW's brain-dead method to evaluate the application
path given on the command line, this opens up a security problem if
Cygwin is installed into a path with spaces in it.

Fix this by using the lpApplicationName parameter and quoting of the
application path in the lpCommandLine parameter (used as argv[0] in
the called console helper.

For extended paranoia, make the argument string array big enough to
fit full 64 bit pointer values into it.  Handles usually only use
the lower 32 bit, but better safe than sorry.

Signed-off-by: Corinna Vinschen <corinna@vinschen.de>
This commit is contained in:
Corinna Vinschen 2019-11-05 11:29:02 +01:00
parent 7a26e19d4f
commit 530b866c8e

View File

@ -3042,20 +3042,22 @@ fhandler_console::create_invisible_console_workaround ()
STARTUPINFOW si = {}; STARTUPINFOW si = {};
PROCESS_INFORMATION pi; PROCESS_INFORMATION pi;
size_t len = helper.get_wide_win32_path_len (); size_t len = helper.get_wide_win32_path_len ();
WCHAR cmd[len + (2 * strlen (" 0xffffffff")) + 1]; WCHAR cmd[len + 1];
WCHAR args[len + 1 + (2 * sizeof (" 0xffffffffffffffff")) + 1];
WCHAR title[] = L"invisible cygwin console"; WCHAR title[] = L"invisible cygwin console";
/* Create a new hidden process. Use the two event handles as
argv[1] and argv[2]. */
helper.get_wide_win32_path (cmd); helper.get_wide_win32_path (cmd);
__small_swprintf (cmd + len, L" %p %p", hello, goodbye); __small_swprintf (args, L"\"%W\" %p %p", cmd, hello, goodbye);
si.cb = sizeof (si); si.cb = sizeof (si);
si.dwFlags = STARTF_USESHOWWINDOW; si.dwFlags = STARTF_USESHOWWINDOW;
si.wShowWindow = SW_HIDE; si.wShowWindow = SW_HIDE;
si.lpTitle = title; si.lpTitle = title;
/* Create a new hidden process. Use the two event handles as BOOL x = CreateProcessW (cmd, args,
argv[1] and argv[2]. */
BOOL x = CreateProcessW (NULL, cmd,
&sec_none_nih, &sec_none_nih, true, &sec_none_nih, &sec_none_nih, true,
CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi); CREATE_NEW_CONSOLE, NULL, NULL, &si, &pi);
if (x) if (x)