Skip site navigation (1)Skip section navigation (2)
Date:      Fri, 8 Sep 2000 00:29:49 -0700 (PDT)
From:      Kris Kennaway <kris@FreeBSD.org>
To:        cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject:   cvs commit: src/lib/libc/locale setlocale.c
Message-ID:  <200009080729.AAA13523@freefall.freebsd.org>

next in thread | raw e-mail | index | archive | help
kris        2000/09/08 00:29:49 PDT

  Modified files:
    lib/libc/locale      setlocale.c 
  Log:
  Disallow '/' characters in LC_* environment variables which might
  be used to point to a bad locale file. This is only believed to be a
  minor security risk - the only risk is if some program uses the result
  of a localized string as a format specifier in a vulnerable function
  like sprintf(). No such code is believed to exist in the FreeBSD base
  system, although it is possible that badly written third party code
  would do that.
  
  Submitted by:	imp
  Approved by:	ache
  
  Revision  Changes    Path
  1.28      +3 -3      src/lib/libc/locale/setlocale.c



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe cvs-all" in the body of the message




Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200009080729.AAA13523>