From 39a98e9b68b84e40e759a0805758ec4726c9299e Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 27 Jun 2019 02:37:18 -0700 Subject: [PATCH 1/3] mingw: get pw_name in UTF-8 format Previously, we would have obtained the user name encoded in whatever the current code page is. Note: the "user name" here does not denote the full name but instead the short logon name. Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- compat/mingw.c | 10 ++++++++-- 1 file changed, 8 insertions(+), 2 deletions(-) diff --git a/compat/mingw.c b/compat/mingw.c index 9b6d2400e1..8526876262 100644 --- a/compat/mingw.c +++ b/compat/mingw.c @@ -1946,13 +1946,19 @@ struct passwd *getpwuid(int uid) static unsigned initialized; static char user_name[100]; static struct passwd *p; + wchar_t buf[100]; DWORD len; if (initialized) return p; - len = sizeof(user_name); - if (!GetUserName(user_name, &len)) { + len = sizeof(buf); + if (!GetUserNameW(buf, &len)) { + initialized = 1; + return NULL; + } + + if (xwcstoutf(user_name, buf, sizeof(user_name)) < 0) { initialized = 1; return NULL; } From 94238859b9809afc806919cb7022a45cdc8e6748 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 27 Jun 2019 02:37:19 -0700 Subject: [PATCH 2/3] mingw: use Unicode functions explicitly Many Win32 API functions actually exist in two variants: one with the `A` suffix that takes ANSI parameters (`char *` or `const char *`) and one with the `W` suffix that takes Unicode parameters (`wchar_t *` or `const wchar_t *`). The ANSI variant assumes that the strings are encoded according to whatever is the current locale. This is not what Git wants to use on Windows: we assume that `char *` variables point to strings encoded in UTF-8. There is a pseudo UTF-8 locale on Windows, but it does not work as one might expect. In addition, if we overrode the user's locale, that would modify the behavior of programs spawned by Git (such as editors, difftools, etc), therefore we cannot use that pseudo locale. Further, it is actually highly encouraged to use the Unicode versions instead of the ANSI versions, so let's do precisely that. Note: when calling the Win32 API functions _without_ any suffix, it depends whether the `UNICODE` constant is defined before the relevant headers are #include'd. Without that constant, the ANSI variants are used. Let's be explicit and avoid that ambiguity. Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- compat/mingw.c | 2 +- compat/poll/poll.c | 2 +- compat/winansi.c | 10 ++++++---- 3 files changed, 8 insertions(+), 6 deletions(-) diff --git a/compat/mingw.c b/compat/mingw.c index 8526876262..b8a62bf914 100644 --- a/compat/mingw.c +++ b/compat/mingw.c @@ -1407,7 +1407,7 @@ static pid_t mingw_spawnve_fd(const char *cmd, const char **argv, char **deltaen do_unset_environment_variables(); /* Determine whether or not we are associated to a console */ - cons = CreateFile("CONOUT$", GENERIC_WRITE, + cons = CreateFileW(L"CONOUT$", GENERIC_WRITE, FILE_SHARE_WRITE, NULL, OPEN_EXISTING, FILE_ATTRIBUTE_NORMAL, NULL); if (cons == INVALID_HANDLE_VALUE) { diff --git a/compat/poll/poll.c b/compat/poll/poll.c index 4459408c7d..8f24b80252 100644 --- a/compat/poll/poll.c +++ b/compat/poll/poll.c @@ -150,7 +150,7 @@ win32_compute_revents (HANDLE h, int *p_sought) if (!once_only) { NtQueryInformationFile = (PNtQueryInformationFile) - GetProcAddress (GetModuleHandle ("ntdll.dll"), + GetProcAddress (GetModuleHandleW (L"ntdll.dll"), "NtQueryInformationFile"); once_only = TRUE; } diff --git a/compat/winansi.c b/compat/winansi.c index f4f08237f9..cd947e048e 100644 --- a/compat/winansi.c +++ b/compat/winansi.c @@ -599,7 +599,7 @@ int winansi_isatty(int fd) void winansi_init(void) { int con1, con2; - char name[32]; + wchar_t name[32]; /* check if either stdout or stderr is a console output screen buffer */ con1 = is_console(1); @@ -619,13 +619,15 @@ void winansi_init(void) } /* create a named pipe to communicate with the console thread */ - xsnprintf(name, sizeof(name), "\\\\.\\pipe\\winansi%lu", GetCurrentProcessId()); - hwrite = CreateNamedPipe(name, PIPE_ACCESS_OUTBOUND, + if (swprintf(name, ARRAY_SIZE(name) - 1, L"\\\\.\\pipe\\winansi%lu", + GetCurrentProcessId()) < 0) + die("Could not initialize winansi pipe name"); + hwrite = CreateNamedPipeW(name, PIPE_ACCESS_OUTBOUND, PIPE_TYPE_BYTE | PIPE_WAIT, 1, BUFFER_SIZE, 0, 0, NULL); if (hwrite == INVALID_HANDLE_VALUE) die_lasterr("CreateNamedPipe failed"); - hread = CreateFile(name, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL); + hread = CreateFileW(name, GENERIC_READ, 0, NULL, OPEN_EXISTING, 0, NULL); if (hread == INVALID_HANDLE_VALUE) die_lasterr("CreateFile for named pipe failed"); From 697bdd22b887a0778489814e44dcec850aa82ad0 Mon Sep 17 00:00:00 2001 From: Johannes Schindelin Date: Thu, 4 Jul 2019 15:36:57 -0700 Subject: [PATCH 3/3] mingw: fix possible buffer overrun when calling `GetUserNameW()` In 39a98e9b68b8 (mingw: get pw_name in UTF-8 format, 2019-06-27), this developer missed the fact that the `GetUserNameW()` function takes the number of characters as `len` parameter, not the number of bytes. Reported-by: Beat Bolli Signed-off-by: Johannes Schindelin Signed-off-by: Junio C Hamano --- compat/mingw.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/compat/mingw.c b/compat/mingw.c index b8a62bf914..a0eb695653 100644 --- a/compat/mingw.c +++ b/compat/mingw.c @@ -1952,7 +1952,7 @@ struct passwd *getpwuid(int uid) if (initialized) return p; - len = sizeof(buf); + len = ARRAY_SIZE(buf); if (!GetUserNameW(buf, &len)) { initialized = 1; return NULL;