summaryrefslogtreecommitdiff
path: root/compat/mingw.c
diff options
context:
space:
mode:
Diffstat (limited to 'compat/mingw.c')
-rw-r--r--compat/mingw.c281
1 files changed, 243 insertions, 38 deletions
diff --git a/compat/mingw.c b/compat/mingw.c
index bd24d913f9..402c1ad91c 100644
--- a/compat/mingw.c
+++ b/compat/mingw.c
@@ -114,6 +114,7 @@ int err_win_to_posix(DWORD winerr)
case ERROR_SHARING_BUFFER_EXCEEDED: error = ENFILE; break;
case ERROR_SHARING_VIOLATION: error = EACCES; break;
case ERROR_STACK_OVERFLOW: error = ENOMEM; break;
+ case ERROR_SUCCESS: BUG("err_win_to_posix() called without an error!");
case ERROR_SWAPERROR: error = ENOENT; break;
case ERROR_TOO_MANY_MODULES: error = EMFILE; break;
case ERROR_TOO_MANY_OPEN_FILES: error = EMFILE; break;
@@ -212,6 +213,7 @@ enum hide_dotfiles_type {
HIDE_DOTFILES_DOTGITONLY
};
+static int core_restrict_inherited_handles = -1;
static enum hide_dotfiles_type hide_dotfiles = HIDE_DOTFILES_DOTGITONLY;
static char *unset_environment_variables;
@@ -231,6 +233,15 @@ int mingw_core_config(const char *var, const char *value, void *cb)
return 0;
}
+ if (!strcmp(var, "core.restrictinheritedhandles")) {
+ if (value && !strcasecmp(value, "auto"))
+ core_restrict_inherited_handles = -1;
+ else
+ core_restrict_inherited_handles =
+ git_config_bool(var, value);
+ return 0;
+ }
+
return 0;
}
@@ -393,7 +404,7 @@ int mingw_mkdir(const char *path, int mode)
int ret;
wchar_t wpath[MAX_PATH];
- if (!is_valid_win32_path(path)) {
+ if (!is_valid_win32_path(path, 0)) {
errno = EINVAL;
return -1;
}
@@ -479,21 +490,21 @@ int mingw_open (const char *filename, int oflags, ...)
mode = va_arg(args, int);
va_end(args);
- if (!is_valid_win32_path(filename)) {
+ if (!is_valid_win32_path(filename, !create)) {
errno = create ? EINVAL : ENOENT;
return -1;
}
- if (filename && !strcmp(filename, "/dev/null"))
- filename = "nul";
-
if ((oflags & O_APPEND) && !is_local_named_pipe_path(filename))
open_fn = mingw_open_append;
else
open_fn = _wopen;
- if (xutftowcs_path(wfilename, filename) < 0)
+ if (filename && !strcmp(filename, "/dev/null"))
+ wcscpy(wfilename, L"nul");
+ else if (xutftowcs_path(wfilename, filename) < 0)
return -1;
+
fd = open_fn(wfilename, oflags, mode);
if (fd < 0 && (oflags & O_ACCMODE) != O_RDONLY && errno == EACCES) {
@@ -550,16 +561,18 @@ FILE *mingw_fopen (const char *filename, const char *otype)
int hide = needs_hiding(filename);
FILE *file;
wchar_t wfilename[MAX_PATH], wotype[4];
- if (!is_valid_win32_path(filename)) {
+ if (filename && !strcmp(filename, "/dev/null"))
+ wcscpy(wfilename, L"nul");
+ else if (!is_valid_win32_path(filename, 1)) {
int create = otype && strchr(otype, 'w');
errno = create ? EINVAL : ENOENT;
return NULL;
- }
- if (filename && !strcmp(filename, "/dev/null"))
- filename = "nul";
- if (xutftowcs_path(wfilename, filename) < 0 ||
- xutftowcs(wotype, otype, ARRAY_SIZE(wotype)) < 0)
+ } else if (xutftowcs_path(wfilename, filename) < 0)
return NULL;
+
+ if (xutftowcs(wotype, otype, ARRAY_SIZE(wotype)) < 0)
+ return NULL;
+
if (hide && !access(filename, F_OK) && set_hidden_flag(wfilename, 0)) {
error("could not unhide %s", filename);
return NULL;
@@ -577,16 +590,18 @@ FILE *mingw_freopen (const char *filename, const char *otype, FILE *stream)
int hide = needs_hiding(filename);
FILE *file;
wchar_t wfilename[MAX_PATH], wotype[4];
- if (!is_valid_win32_path(filename)) {
+ if (filename && !strcmp(filename, "/dev/null"))
+ wcscpy(wfilename, L"nul");
+ else if (!is_valid_win32_path(filename, 1)) {
int create = otype && strchr(otype, 'w');
errno = create ? EINVAL : ENOENT;
return NULL;
- }
- if (filename && !strcmp(filename, "/dev/null"))
- filename = "nul";
- if (xutftowcs_path(wfilename, filename) < 0 ||
- xutftowcs(wotype, otype, ARRAY_SIZE(wotype)) < 0)
+ } else if (xutftowcs_path(wfilename, filename) < 0)
+ return NULL;
+
+ if (xutftowcs(wotype, otype, ARRAY_SIZE(wotype)) < 0)
return NULL;
+
if (hide && !access(filename, F_OK) && set_hidden_flag(wfilename, 0)) {
error("could not unhide %s", filename);
return NULL;
@@ -1007,16 +1022,16 @@ int pipe(int filedes[2])
struct tm *gmtime_r(const time_t *timep, struct tm *result)
{
- /* gmtime() in MSVCRT.DLL is thread-safe, but not reentrant */
- memcpy(result, gmtime(timep), sizeof(struct tm));
- return result;
+ if (gmtime_s(result, timep) == 0)
+ return result;
+ return NULL;
}
struct tm *localtime_r(const time_t *timep, struct tm *result)
{
- /* localtime() in MSVCRT.DLL is thread-safe, but not reentrant */
- memcpy(result, localtime(timep), sizeof(struct tm));
- return result;
+ if (localtime_s(result, timep) == 0)
+ return result;
+ return NULL;
}
char *mingw_getcwd(char *pointer, int len)
@@ -1436,8 +1451,13 @@ static pid_t mingw_spawnve_fd(const char *cmd, const char **argv, char **deltaen
const char *dir,
int prepend_cmd, int fhin, int fhout, int fherr)
{
- STARTUPINFOW si;
+ static int restrict_handle_inheritance = -1;
+ STARTUPINFOEXW si;
PROCESS_INFORMATION pi;
+ LPPROC_THREAD_ATTRIBUTE_LIST attr_list = NULL;
+ HANDLE stdhandles[3];
+ DWORD stdhandles_count = 0;
+ SIZE_T size;
struct strbuf args;
wchar_t wcmd[MAX_PATH], wdir[MAX_PATH], *wargs, *wenvblk = NULL;
unsigned flags = CREATE_UNICODE_ENVIRONMENT;
@@ -1447,6 +1467,19 @@ static pid_t mingw_spawnve_fd(const char *cmd, const char **argv, char **deltaen
is_msys2_sh(cmd ? cmd : *argv) ?
quote_arg_msys2 : quote_arg_msvc;
+ /* Make sure to override previous errors, if any */
+ errno = 0;
+
+ if (restrict_handle_inheritance < 0)
+ restrict_handle_inheritance = core_restrict_inherited_handles;
+ /*
+ * The following code to restrict which handles are inherited seems
+ * to work properly only on Windows 7 and later, so let's disable it
+ * on Windows Vista and 2008.
+ */
+ if (restrict_handle_inheritance < 0)
+ restrict_handle_inheritance = GetVersion() >> 16 >= 7601;
+
do_unset_environment_variables();
/* Determine whether or not we are associated to a console */
@@ -1474,11 +1507,23 @@ static pid_t mingw_spawnve_fd(const char *cmd, const char **argv, char **deltaen
CloseHandle(cons);
}
memset(&si, 0, sizeof(si));
- si.cb = sizeof(si);
- si.dwFlags = STARTF_USESTDHANDLES;
- si.hStdInput = winansi_get_osfhandle(fhin);
- si.hStdOutput = winansi_get_osfhandle(fhout);
- si.hStdError = winansi_get_osfhandle(fherr);
+ si.StartupInfo.cb = sizeof(si);
+ si.StartupInfo.hStdInput = winansi_get_osfhandle(fhin);
+ si.StartupInfo.hStdOutput = winansi_get_osfhandle(fhout);
+ si.StartupInfo.hStdError = winansi_get_osfhandle(fherr);
+
+ /* The list of handles cannot contain duplicates */
+ if (si.StartupInfo.hStdInput != INVALID_HANDLE_VALUE)
+ stdhandles[stdhandles_count++] = si.StartupInfo.hStdInput;
+ if (si.StartupInfo.hStdOutput != INVALID_HANDLE_VALUE &&
+ si.StartupInfo.hStdOutput != si.StartupInfo.hStdInput)
+ stdhandles[stdhandles_count++] = si.StartupInfo.hStdOutput;
+ if (si.StartupInfo.hStdError != INVALID_HANDLE_VALUE &&
+ si.StartupInfo.hStdError != si.StartupInfo.hStdInput &&
+ si.StartupInfo.hStdError != si.StartupInfo.hStdOutput)
+ stdhandles[stdhandles_count++] = si.StartupInfo.hStdError;
+ if (stdhandles_count)
+ si.StartupInfo.dwFlags |= STARTF_USESTDHANDLES;
if (*argv && !strcmp(cmd, *argv))
wcmd[0] = L'\0';
@@ -1511,16 +1556,98 @@ static pid_t mingw_spawnve_fd(const char *cmd, const char **argv, char **deltaen
wenvblk = make_environment_block(deltaenv);
memset(&pi, 0, sizeof(pi));
- ret = CreateProcessW(*wcmd ? wcmd : NULL, wargs, NULL, NULL, TRUE,
- flags, wenvblk, dir ? wdir : NULL, &si, &pi);
+ if (restrict_handle_inheritance && stdhandles_count &&
+ (InitializeProcThreadAttributeList(NULL, 1, 0, &size) ||
+ GetLastError() == ERROR_INSUFFICIENT_BUFFER) &&
+ (attr_list = (LPPROC_THREAD_ATTRIBUTE_LIST)
+ (HeapAlloc(GetProcessHeap(), 0, size))) &&
+ InitializeProcThreadAttributeList(attr_list, 1, 0, &size) &&
+ UpdateProcThreadAttribute(attr_list, 0,
+ PROC_THREAD_ATTRIBUTE_HANDLE_LIST,
+ stdhandles,
+ stdhandles_count * sizeof(HANDLE),
+ NULL, NULL)) {
+ si.lpAttributeList = attr_list;
+ flags |= EXTENDED_STARTUPINFO_PRESENT;
+ }
+
+ ret = CreateProcessW(*wcmd ? wcmd : NULL, wargs, NULL, NULL,
+ stdhandles_count ? TRUE : FALSE,
+ flags, wenvblk, dir ? wdir : NULL,
+ &si.StartupInfo, &pi);
+
+ /*
+ * On Windows 2008 R2, it seems that specifying certain types of handles
+ * (such as FILE_TYPE_CHAR or FILE_TYPE_PIPE) will always produce an
+ * error. Rather than playing finicky and fragile games, let's just try
+ * to detect this situation and simply try again without restricting any
+ * handle inheritance. This is still better than failing to create
+ * processes.
+ */
+ if (!ret && restrict_handle_inheritance && stdhandles_count) {
+ DWORD err = GetLastError();
+ struct strbuf buf = STRBUF_INIT;
+
+ if (err != ERROR_NO_SYSTEM_RESOURCES &&
+ /*
+ * On Windows 7 and earlier, handles on pipes and character
+ * devices are inherited automatically, and cannot be
+ * specified in the thread handle list. Rather than trying
+ * to catch each and every corner case (and running the
+ * chance of *still* forgetting a few), let's just fall
+ * back to creating the process without trying to limit the
+ * handle inheritance.
+ */
+ !(err == ERROR_INVALID_PARAMETER &&
+ GetVersion() >> 16 < 9200) &&
+ !getenv("SUPPRESS_HANDLE_INHERITANCE_WARNING")) {
+ DWORD fl = 0;
+ int i;
+
+ setenv("SUPPRESS_HANDLE_INHERITANCE_WARNING", "1", 1);
+
+ for (i = 0; i < stdhandles_count; i++) {
+ HANDLE h = stdhandles[i];
+ strbuf_addf(&buf, "handle #%d: %p (type %lx, "
+ "handle info (%d) %lx\n", i, h,
+ GetFileType(h),
+ GetHandleInformation(h, &fl),
+ fl);
+ }
+ strbuf_addstr(&buf, "\nThis is a bug; please report it "
+ "at\nhttps://github.com/git-for-windows/"
+ "git/issues/new\n\n"
+ "To suppress this warning, please set "
+ "the environment variable\n\n"
+ "\tSUPPRESS_HANDLE_INHERITANCE_WARNING=1"
+ "\n");
+ }
+ restrict_handle_inheritance = 0;
+ flags &= ~EXTENDED_STARTUPINFO_PRESENT;
+ ret = CreateProcessW(*wcmd ? wcmd : NULL, wargs, NULL, NULL,
+ TRUE, flags, wenvblk, dir ? wdir : NULL,
+ &si.StartupInfo, &pi);
+ if (!ret)
+ errno = err_win_to_posix(GetLastError());
+ if (ret && buf.len) {
+ warning("failed to restrict file handles (%ld)\n\n%s",
+ err, buf.buf);
+ }
+ strbuf_release(&buf);
+ } else if (!ret)
+ errno = err_win_to_posix(GetLastError());
+
+ if (si.lpAttributeList)
+ DeleteProcThreadAttributeList(si.lpAttributeList);
+ if (attr_list)
+ HeapFree(GetProcessHeap(), 0, attr_list);
free(wenvblk);
free(wargs);
- if (!ret) {
- errno = ENOENT;
+ if (!ret)
return -1;
- }
+
CloseHandle(pi.hThread);
/*
@@ -1605,7 +1732,7 @@ static int try_shell_exec(const char *cmd, char *const *argv)
while (argv[argc]) argc++;
ALLOC_ARRAY(argv2, argc + 1);
argv2[0] = (char *)cmd; /* full path to the script file */
- memcpy(&argv2[1], &argv[1], sizeof(*argv) * argc);
+ COPY_ARRAY(&argv2[1], &argv[1], argc);
exec_id = trace2_exec(prog, argv2);
pid = mingw_spawnv(prog, argv2, 1);
if (pid >= 0) {
@@ -2406,14 +2533,16 @@ static void setup_windows_environment(void)
}
}
-int is_valid_win32_path(const char *path)
+int is_valid_win32_path(const char *path, int allow_literal_nul)
{
+ const char *p = path;
int preceding_space_or_period = 0, i = 0, periods = 0;
if (!protect_ntfs)
return 1;
skip_dos_drive_prefix((char **)&path);
+ goto segment_start;
for (;;) {
char c = *(path++);
@@ -2428,7 +2557,83 @@ int is_valid_win32_path(const char *path)
return 1;
i = periods = preceding_space_or_period = 0;
- continue;
+
+segment_start:
+ switch (*path) {
+ case 'a': case 'A': /* AUX */
+ if (((c = path[++i]) != 'u' && c != 'U') ||
+ ((c = path[++i]) != 'x' && c != 'X')) {
+not_a_reserved_name:
+ path += i;
+ continue;
+ }
+ break;
+ case 'c': case 'C': /* COM<N>, CON, CONIN$, CONOUT$ */
+ if ((c = path[++i]) != 'o' && c != 'O')
+ goto not_a_reserved_name;
+ c = path[++i];
+ if (c == 'm' || c == 'M') { /* COM<N> */
+ if (!isdigit(path[++i]))
+ goto not_a_reserved_name;
+ } else if (c == 'n' || c == 'N') { /* CON */
+ c = path[i + 1];
+ if ((c == 'i' || c == 'I') &&
+ ((c = path[i + 2]) == 'n' ||
+ c == 'N') &&
+ path[i + 3] == '$')
+ i += 3; /* CONIN$ */
+ else if ((c == 'o' || c == 'O') &&
+ ((c = path[i + 2]) == 'u' ||
+ c == 'U') &&
+ ((c = path[i + 3]) == 't' ||
+ c == 'T') &&
+ path[i + 4] == '$')
+ i += 4; /* CONOUT$ */
+ } else
+ goto not_a_reserved_name;
+ break;
+ case 'l': case 'L': /* LPT<N> */
+ if (((c = path[++i]) != 'p' && c != 'P') ||
+ ((c = path[++i]) != 't' && c != 'T') ||
+ !isdigit(path[++i]))
+ goto not_a_reserved_name;
+ break;
+ case 'n': case 'N': /* NUL */
+ if (((c = path[++i]) != 'u' && c != 'U') ||
+ ((c = path[++i]) != 'l' && c != 'L') ||
+ (allow_literal_nul &&
+ !path[i + 1] && p == path))
+ goto not_a_reserved_name;
+ break;
+ case 'p': case 'P': /* PRN */
+ if (((c = path[++i]) != 'r' && c != 'R') ||
+ ((c = path[++i]) != 'n' && c != 'N'))
+ goto not_a_reserved_name;
+ break;
+ default:
+ continue;
+ }
+
+ /*
+ * So far, this looks like a reserved name. Let's see
+ * whether it actually is one: trailing spaces, a file
+ * extension, or an NTFS Alternate Data Stream do not
+ * matter, the name is still reserved if any of those
+ * follow immediately after the actual name.
+ */
+ i++;
+ if (path[i] == ' ') {
+ preceding_space_or_period = 1;
+ while (path[++i] == ' ')
+ ; /* skip all spaces */
+ }
+
+ c = path[i];
+ if (c && c != '.' && c != ':' && c != '/' && c != '\\')
+ goto not_a_reserved_name;
+
+ /* contains reserved name */
+ return 0;
case '.':
periods++;
/* fallthru */