Fix yet another buffer overflow. :-(
Vulnerable: all programs that use setlocale(LC_COLLATE), setlocale(LC_CTYPE), or setlocale(LC_ALL). The only setuid/setgid binary i've found for this is w(1). Should go into 2.2.
This commit is contained in:
parent
45802f2a8a
commit
120e62ec50
|
@ -24,7 +24,7 @@
|
||||||
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
|
||||||
* SUCH DAMAGE.
|
* SUCH DAMAGE.
|
||||||
*
|
*
|
||||||
* $Id: collate.c,v 1.8 1996/10/23 15:35:43 ache Exp $
|
* $Id: collate.c,v 1.9 1996/11/26 02:49:31 ache Exp $
|
||||||
*/
|
*/
|
||||||
|
|
||||||
#include <rune.h>
|
#include <rune.h>
|
||||||
|
@ -73,10 +73,8 @@ __collate_load_tables(encoding)
|
||||||
__collate_load_error = save_load_error;
|
__collate_load_error = save_load_error;
|
||||||
return -1;
|
return -1;
|
||||||
}
|
}
|
||||||
strcpy(buf, _PathLocale);
|
(void) snprintf(buf, sizeof buf, "%s/%s/LC_COLLATE",
|
||||||
strcat(buf, "/");
|
_PathLocale, encoding);
|
||||||
strcat(buf, encoding);
|
|
||||||
strcat(buf, "/LC_COLLATE");
|
|
||||||
if ((fp = fopen(buf, "r")) == NULL) {
|
if ((fp = fopen(buf, "r")) == NULL) {
|
||||||
__collate_load_error = save_load_error;
|
__collate_load_error = save_load_error;
|
||||||
return -1;
|
return -1;
|
||||||
|
|
|
@ -85,10 +85,8 @@ _xpg4_setrunelocale(encoding)
|
||||||
|
|
||||||
if (!_PathLocale)
|
if (!_PathLocale)
|
||||||
return(EFAULT);
|
return(EFAULT);
|
||||||
(void) strcpy(name, _PathLocale);
|
(void) snprintf(name, sizeof name, "%s/%s/LC_CTYPE",
|
||||||
(void) strcat(name, "/");
|
_PathLocale, encoding);
|
||||||
(void) strcat(name, encoding);
|
|
||||||
(void) strcat(name, "/LC_CTYPE");
|
|
||||||
|
|
||||||
if ((fp = fopen(name, "r")) == NULL)
|
if ((fp = fopen(name, "r")) == NULL)
|
||||||
return(ENOENT);
|
return(ENOENT);
|
||||||
|
|
Loading…
Reference in New Issue