From e2900279d267ee3e6c0631bf87aa1a1c72a9d5bd Mon Sep 17 00:00:00 2001 From: "Andrey A. Chernov" Date: Wed, 27 Nov 1996 22:30:44 +0000 Subject: [PATCH] Add rcsid[] Since locale reading code not resistent against stack overflowing or similar intruder attacks, don't allow PATH_LOCALE env variable action for s-bit programs (non-standard locale path setting) --- lib/libc/locale/setlocale.c | 32 +++++++++++++++++++------------- 1 file changed, 19 insertions(+), 13 deletions(-) diff --git a/lib/libc/locale/setlocale.c b/lib/libc/locale/setlocale.c index 85cedb82c9b6..7510a2ab03cf 100644 --- a/lib/libc/locale/setlocale.c +++ b/lib/libc/locale/setlocale.c @@ -33,19 +33,26 @@ * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF * SUCH DAMAGE. * - * $Id$ + * $Id: setlocale.c,v 1.10 1996/11/26 08:00:17 ache Exp $ */ +#ifdef LIBC_RCS +static const char rcsid[] = + "$Id$"; +#endif + #if defined(LIBC_SCCS) && !defined(lint) static char sccsid[] = "@(#)setlocale.c 8.1 (Berkeley) 7/4/93"; #endif /* LIBC_SCCS and not lint */ +#include +#include #include #include #include #include #include -#include +#include #include "collate.h" /* @@ -225,22 +232,21 @@ loadlocale(category) char *new = new_categories[category]; char *old = current_categories[category]; - if (strcmp(new, old) == 0) - return (old); - - if ( !_PathLocale - && strcmp(new, "C") && strcmp(new, "POSIX") - ) { - char *pl = getenv("PATH_LOCALE"); - - if (!pl) + if (!_PathLocale) { + if ( !(ret = getenv("PATH_LOCALE")) + || getuid() != geteuid() + || getgid() != getegid() + ) _PathLocale = _PATH_LOCALE; - else if ( strlen(pl) + 45 > PATH_MAX - || !(_PathLocale = strdup(pl)) + else if ( strlen(ret) + 45 > PATH_MAX + || !(_PathLocale = strdup(ret)) ) return (NULL); } + if (strcmp(new, old) == 0) + return (old); + if (category == LC_CTYPE) { #ifdef XPG4 ret = _xpg4_setrunelocale(new) ? NULL : new;