From b777873ec131d0c73ea5f5288240feddd23655ff Mon Sep 17 00:00:00 2001 From: Kris Kennaway Date: Fri, 8 Sep 2000 07:29:48 +0000 Subject: [PATCH] Disallow '/' characters in LC_* environment variables which might be used to point to a bad locale file. This is only believed to be a minor security risk - the only risk is if some program uses the result of a localized string as a format specifier in a vulnerable function like sprintf(). No such code is believed to exist in the FreeBSD base system, although it is possible that badly written third party code would do that. Submitted by: imp Approved by: ache --- lib/libc/locale/setlocale.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/libc/locale/setlocale.c b/lib/libc/locale/setlocale.c index daea2bc1751..cba6a531b48 100644 --- a/lib/libc/locale/setlocale.c +++ b/lib/libc/locale/setlocale.c @@ -129,7 +129,7 @@ setlocale(category, locale) if (!env || !*env) env = getenv("LANG"); - if (!env || !*env) + if (!env || !*env || strchr(env, '/')) env = "C"; (void) strncpy(new_categories[category], env, ENCODING_LEN);