* cygtls.h (TP_NUM_C_BUFS): Raise to 50 to allow SYMLOOP_MAX recursions
path_conv <-> normalize_posix_path, plus a bit of buffer. (TP_NUM_W_BUFS): Ditto. (class san): Change type of _c_cnt and _w_cnt to unsigned. * path.cc (normalize_posix_path): Guard recursion into path_conv against tmp_pathbuf overflow. Generate normalized path in call to path_conv. If the path is valid, replace dst with the normalized_path from path_conv call. Add comment to explain why we're doing this. * tls_pbuf.cc (tls_pathbuf::destroy): Only free buffers until the first buffer pointer is NULL. (tmp_pathbuf::c_get): Simplify error message. (tmp_pathbuf::w_get): Ditto. * tls_pbuf.h (class tmp_pathbuf): Change type of c_buf_old and w_buf_old to unsigned. (tmp_pathbuf::check_usage): New inline method to check if we have enough tmp_pathbuf buffers left to call a function using tmp_pathbuf buffers. * tlsoffsets.h: Regenerate. * tlsoffsets64.h: Regenerate.
This commit is contained in:
@@ -1,6 +1,6 @@
|
||||
/* tls_pbuf.cc
|
||||
|
||||
Copyright 2008, 2010 Red Hat, Inc.
|
||||
Copyright 2008, 2010, 2014 Red Hat, Inc.
|
||||
|
||||
This software is a copyrighted work licensed under the terms of the
|
||||
Cygwin license. Please consult the file "CYGWIN_LICENSE" for
|
||||
@@ -16,12 +16,10 @@ details. */
|
||||
void
|
||||
tls_pathbuf::destroy ()
|
||||
{
|
||||
for (int i = 0; i < TP_NUM_C_BUFS; ++i)
|
||||
if (c_buf[i])
|
||||
free (c_buf[i]);
|
||||
for (int i = 0; i < TP_NUM_W_BUFS; ++i)
|
||||
if (w_buf[i])
|
||||
free (w_buf[i]);
|
||||
for (unsigned i = 0; i < TP_NUM_C_BUFS && c_buf[i]; ++i)
|
||||
free (c_buf[i]);
|
||||
for (unsigned i = 0; i < TP_NUM_W_BUFS && w_buf[i]; ++i)
|
||||
free (w_buf[i]);
|
||||
}
|
||||
|
||||
tmp_pathbuf::tmp_pathbuf ()
|
||||
@@ -39,7 +37,7 @@ char *
|
||||
tmp_pathbuf::c_get ()
|
||||
{
|
||||
if (tls_pbuf.c_cnt >= TP_NUM_C_BUFS)
|
||||
api_fatal ("Internal error: TP_NUM_C_BUFS too small: %u > %u", tls_pbuf.c_cnt, TP_NUM_C_BUFS);
|
||||
api_fatal ("Internal error: TP_NUM_C_BUFS too small: %u", TP_NUM_C_BUFS);
|
||||
if (!tls_pbuf.c_buf[tls_pbuf.c_cnt]
|
||||
&& !(tls_pbuf.c_buf[tls_pbuf.c_cnt] = (char *) malloc (NT_MAX_PATH)))
|
||||
api_fatal ("Internal error: Out of memory for new path buf.");
|
||||
@@ -50,7 +48,7 @@ PWCHAR
|
||||
tmp_pathbuf::w_get ()
|
||||
{
|
||||
if (tls_pbuf.w_cnt >= TP_NUM_W_BUFS)
|
||||
api_fatal ("Internal error: TP_NUM_W_BUFS too small %d >= %d.", tls_pbuf.w_cnt, TP_NUM_W_BUFS);
|
||||
api_fatal ("Internal error: TP_NUM_W_BUFS too small: %u.", TP_NUM_W_BUFS);
|
||||
if (!tls_pbuf.w_buf[tls_pbuf.w_cnt]
|
||||
&& !(tls_pbuf.w_buf[tls_pbuf.w_cnt]
|
||||
= (PWCHAR) malloc (NT_MAX_PATH * sizeof (WCHAR))))
|
||||
|
Reference in New Issue
Block a user