* fhandler_proc.cc (fhandler_proc::get_proc_fhandler): Don't allow to

access process info by using the Windows PID. * fhandler_process.cc (fhandler_process::fstat): Ditto. (fhandler_process::fill_filebuf): Ditto.
2011-08-11 16:43:26 +00:00 · 2011-08-11 16:43:26 +00:00 · 6e2c582323
parent 3b7cd74bfd
commit 6e2c582323
3 changed files with 25 additions and 4 deletions
--- a/winsup/cygwin/ChangeLog
+++ b/winsup/cygwin/ChangeLog
@ -1,3 +1,10 @@
+2011-08-11  Corinna Vinschen  <corinna@vinschen.de>
+
+	* fhandler_proc.cc (fhandler_proc::get_proc_fhandler): Don't allow to
+	access process info by using the Windows PID.
+	* fhandler_process.cc (fhandler_process::fstat): Ditto.
+	(fhandler_process::fill_filebuf): Ditto.
+
 2011-08-11  Corinna Vinschen  <corinna@vinschen.de>

 	* (winpids::add): Make sure to store always a Windows PID in
--- a/winsup/cygwin/fhandler_proc.cc
+++ b/winsup/cygwin/fhandler_proc.cc
@ -128,7 +128,13 @@ fhandler_proc::get_proc_fhandler (const char *path)
  if (entry)
    return entry->fhandler;

-  if (pinfo (atoi (path)))
+  int pid = atoi (path);
+  pinfo p (pid);
+  /* If p->pid != pid, then pid is actually the Windows PID for an execed
+     Cygwin process, and the pinfo entry is the additional entry created
+     at exec time.  We don't want to enable the user to access a process
+     entry by using the Win32 PID, though. */
+  if (p && p->pid == pid)
    return FH_PROCESS;

  bool has_subdir = false;
--- a/winsup/cygwin/fhandler_process.cc
+++ b/winsup/cygwin/fhandler_process.cc
@ -143,8 +143,13 @@ fhandler_process::fstat (struct __stat64 *buf)
  fhandler_base::fstat (buf);
  path += proc_len + 1;
  pid = atoi (path);
+
  pinfo p (pid);
-  if (!p)
+  /* If p->pid != pid, then pid is actually the Windows PID for an execed
+     Cygwin process, and the pinfo entry is the additional entry created
+     at exec time.  We don't want to enable the user to access a process
+     entry by using the Win32 PID, though. */
+  if (!p || p->pid != pid)
    {
      set_errno (ENOENT);
      return -1;
@ -320,8 +325,11 @@ fhandler_process::fill_filebuf ()
    pid = atoi (path);

  pinfo p (pid);
-
-  if (!p)
+  /* If p->pid != pid, then pid is actually the Windows PID for an execed
+     Cygwin process, and the pinfo entry is the additional entry created
+     at exec time.  We don't want to enable the user to access a process
+     entry by using the Win32 PID, though. */
+  if (!p || p->pid != pid)
    {
      set_errno (ENOENT);
      return false;