From a5a88c6852d2844f65d00b330c7f7792f6e42eb4 Mon Sep 17 00:00:00 2001
From: davygrvy
Date: Sun, 1 Feb 2004 10:28:18 +0000
Subject: * win/nmakehlp.c: defensive techniques to avoid static buffer overflows and a couple envars upsetting invokations of cl.exe and link.exe.
---
 ChangeLog | 4 ++++
 win/nmakehlp.c | 32 ++++++++++++++++++--------------
 2 files changed, 22 insertions(+), 14 deletions(-)
diff --git a/ChangeLog b/ChangeLog
index 51b79e4..2d5e10a 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -6,6 +6,10 @@
 * win/tclAppInit.c: Removed our custom setargv() in favor of the one provided by the c-runtime. [Bug 672938]
+ * win/nmakehlp.c: defensive techniques to avoid static buffer
+ overflows and a couple envars upsetting invokations of cl.exe
+ and link.exe. [Bug 885537]
+
 2004-01-30 David Gravereaux
 * win/makefile.vc: Use the -GZ compiler switch when building for
diff --git a/win/nmakehlp.c b/win/nmakehlp.c
index eee6b75..b444696 100644
--- a/win/nmakehlp.c
+++ b/win/nmakehlp.c
@@ -9,7 +9,7 @@
 * of this file, and for a DISCLAIMER OF ALL WARRANTIES.
 *
 * ----------------------------------------------------------------------------
- * RCS: @(#) $Id: nmakehlp.c,v 1.5 2004/01/28 00:56:26 davygrvy Exp $
+ * RCS: @(#) $Id: nmakehlp.c,v 1.6 2004/02/01 10:28:18 davygrvy Exp $
 * ----------------------------------------------------------------------------
 */
 #include
@@ -25,9 +25,11 @@ int GrepForDefine (const char *file, const char *string);
 DWORD WINAPI ReadFromPipe (LPVOID args);
 /* globals */
+#define CHUNK 25
+#define STATICBUFFERSIZE 1000
 typedef struct {
 HANDLE pipe;
- char buffer[1000];
+ char buffer[STATICBUFFERSIZE];
 } pipeinfo;
 pipeinfo Out = {INVALID_HANDLE_VALUE, '\0'};
@@ -46,6 +48,10 @@ main (int argc, char *argv[])
 /* make sure children (cl.exe and link.exe) are kept quiet. */
 SetErrorMode(SEM_FAILCRITICALERRORS | SEM_NOOPENFILEERRORBOX);
+ /* Make sure the compiler and linker aren't effected by the outside world. */
+ SetEnvironmentVariable("CL", "");
+ SetEnvironmentVariable("LINK", "");
+
 if (argc > 1 && *argv[1] == '-') {
 switch (*(argv[1]+1)) {
 case 'c':
@@ -136,11 +142,11 @@ CheckForCompilerFeature (const char *option)
 0, TRUE, DUPLICATE_SAME_ACCESS | DUPLICATE_CLOSE_SOURCE);
 /* base command line */
- strcpy(cmdline, "cl.exe -nologo -c -TC -Fdtemp ");
+ strcpy(cmdline, "cl.exe -nologo -c -TC -Zs -X ");
 /* append our option for testing */
 strcat(cmdline, option);
 /* filename to compile, which exists, but is nothing and empty. */
- strcat(cmdline, " .\nul");
+ strcat(cmdline, " .\\nul");
 ok = CreateProcess(
 NULL, /* Module name. */
@@ -180,10 +186,6 @@ CheckForCompilerFeature (const char *option)
 WaitForSingleObject(pi.hProcess, INFINITE);
 CloseHandle(pi.hProcess);
- /* clean up temporary files before returning */
- DeleteFile("temp.idb");
- DeleteFile("temp.pdb");
-
 /* wait for our pipe to get done reading, should it be a little slow. */
 WaitForMultipleObjects(2, pipeThreads, TRUE, 500);
 CloseHandle(pipeThreads[0]);
@@ -234,8 +236,6 @@ CheckForLinkerFeature (const char *option)
 strcpy(cmdline, "link.exe -nologo ");
 /* append our option for testing */
 strcat(cmdline, option);
- /* filename to compile, which exists, but is nothing and empty. */
-// strcat(cmdline, " .\nul");
 ok = CreateProcess(
 NULL, /* Module name. */
@@ -293,7 +293,11 @@ ReadFromPipe (LPVOID args)
 BOOL ok;
 again:
- ok = ReadFile(pi->pipe, lastBuf, 25, &dwRead, 0L);
+ if (lastBuf - pi->buffer + CHUNK > STATICBUFFERSIZE) {
+ CloseHandle(pi->pipe);
+ return -1;
+ }
+ ok = ReadFile(pi->pipe, lastBuf, CHUNK, &dwRead, 0L);
 if (!ok || dwRead == 0) {
 CloseHandle(pi->pipe);
 return 0;
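Review bot: The scrub added at the top of main() clears only `CL` and `LINK`; current MSVC toolsets also read `_CL_` and `_LINK_`, whose contents are appended after the command-line options, so an inherited value there can still change what the feature probes report. Clearing those two as well, and passing NULL so the variables are removed rather than set to an empty string, would make the probes independent of the caller's environment: `SetEnvironmentVariable("_CL_", NULL);` and `SetEnvironmentVariable("_LINK_", NULL);`. The return values are not checked, so a failed call leaves the inherited setting in place without any sign of it. main() continues outside the hunk.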
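Review bot: `strcat(cmdline, option)` in CheckForCompilerFeature is still an unbounded append, although the commit sets out to remove static buffer overflows; `option` appears to come from the command line, and the declaration of `cmdline` lies outside the hunk, so its size cannot be confirmed here. Building the command in one bounded call and failing the probe on truncation would close this, e.g. `n = _snprintf(cmdline, sizeof(cmdline), "cl.exe -nologo -c -TC -Zs -X %s .\\nul", option);` followed by a check for `n < 0 || n >= (int) sizeof(cmdline)` (this assumes `cmdline` is an array, not a pointer). The same unbounded `strcat(cmdline, option)` remains in the CheckForLinkerFeature hunk below. Both functions start and end outside their hunks.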
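Review bot: The new guard `lastBuf - pi->buffer + CHUNK > STATICBUFFERSIZE` in ReadFromPipe still allows the reads to fill all STATICBUFFERSIZE bytes, which leaves no byte for a terminating NUL; if the buffer is later scanned as a C string (the consumers are outside this hunk), that scan can run past the end of the array. Comparing with `>=` keeps at least one byte free: `if (lastBuf - pi->buffer + CHUNK >= STATICBUFFERSIZE) {`. The function returns DWORD, so `return -1` is really 0xFFFFFFFF, and nothing visible here tells the caller that output was cut off. Output past the cap is dropped, so a diagnostic printed late may be missed and the probe could report an option as accepted; a short comment at the guard saying that truncation is deliberate would help. The rest of ReadFromPipe, including how `lastBuf` advances, is outside the hunk.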
@@ -339,9 +343,9 @@ GrepForDefine (const char *file, const char *string)
 /* is the first word what we're looking for? */
 if (!strcmp(s2, string)) {
 fclose(f);
- /* add 1 past double quote char. "8.5" */
- d1 = atof(s3 + 1); /* 8.5 */
- return ((int) (d1 * 10) & 0xFF); /* 85 */
+ /* add 1 past first double quote char. "8.5" */
+ d1 = atof(s3 + 1); /* 8.5 */
+ return ((int) (d1 * 10) & 0xFF); /* 85 */
 }
 }
 } while (!feof(f));
-- 
cgit v0.12