Fix yet another buffer overflow. :-(

Vulnerable: all programs that use setlocale(LC_COLLATE),
setlocale(LC_CTYPE), or setlocale(LC_ALL).  The only setuid/setgid
binary i've found for this is w(1).

Should go into 2.2.
This commit is contained in:
Joerg Wunsch 1996-12-16 17:32:58 +00:00
parent 45802f2a8a
commit 120e62ec50
2 changed files with 5 additions and 9 deletions

View File

@ -24,7 +24,7 @@
* OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
* SUCH DAMAGE.
*
* $Id: collate.c,v 1.8 1996/10/23 15:35:43 ache Exp $
* $Id: collate.c,v 1.9 1996/11/26 02:49:31 ache Exp $
*/
#include <rune.h>
@ -73,10 +73,8 @@ __collate_load_tables(encoding)
__collate_load_error = save_load_error;
return -1;
}
strcpy(buf, _PathLocale);
strcat(buf, "/");
strcat(buf, encoding);
strcat(buf, "/LC_COLLATE");
(void) snprintf(buf, sizeof buf, "%s/%s/LC_COLLATE",
_PathLocale, encoding);
if ((fp = fopen(buf, "r")) == NULL) {
__collate_load_error = save_load_error;
return -1;

View File

@ -85,10 +85,8 @@ _xpg4_setrunelocale(encoding)
if (!_PathLocale)
return(EFAULT);
(void) strcpy(name, _PathLocale);
(void) strcat(name, "/");
(void) strcat(name, encoding);
(void) strcat(name, "/LC_CTYPE");
(void) snprintf(name, sizeof name, "%s/%s/LC_CTYPE",
_PathLocale, encoding);
if ((fp = fopen(name, "r")) == NULL)
return(ENOENT);