upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 08:43:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

Disallow '/' characters in LC_* environment variables which might

Browse source 
be used to point to a bad locale file. This is only believed to be a
minor security risk - the only risk is if some program uses the result
of a localized string as a format specifier in a vulnerable function
like sprintf(). No such code is believed to exist in the FreeBSD base
system, although it is possible that badly written third party code
would do that.

Submitted by:	imp
Approved by:	ache
This commit is contained in:
Kris Kennaway 2000-09-08 07:29:48 +00:00
parent e45e88e8aa
commit b777873ec1
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
lib/libc/locale/setlocale.c
View file

@ -129,7 +129,7 @@ setlocale(category, locale)
if (!env || !*env)
env = getenv("LANG");
if (!env || !*env)
if (!env || !*env || strchr(env, '/'))
env = "C";
(void) strncpy(new_categories[category], env, ENCODING_LEN);