From: Kris Kennaway
Date: Fri, 8 Sep 2000 00:29:49 -0700 (PDT)
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org
Subject: cvs commit: src/lib/libc/locale setlocale.c
Message-Id: <200009080729.AAA13523@freefall.freebsd.org>
X-FreeBSD-CVS-Branch: HEAD

kris        2000/09/08 00:29:49 PDT

  Modified files:
    lib/libc/locale      setlocale.c
  Log:
  Disallow '/' characters in LC_* environment variables which might be
  used to point to a bad locale file.

  This is only believed to be a minor security risk - the only risk is
  if some program uses the result of a localized string as a format
  specifier in a vulnerable function like sprintf(). No such code is
  believed to exist in the FreeBSD base system, although it is possible
  that badly written third party code would do that.

  Submitted by: imp
  Approved by:  ache

  Revision  Changes    Path
  1.28      +3 -3      src/lib/libc/locale/setlocale.c
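
The two defenses the log message describes, as an added example that is not the committed change to setlocale.c and not FreeBSD code: a locale name taken from LC_* is rejected if it contains '/', and a localized string is passed as data to a fixed format. All function names are hypothetical, and falling back to "C" on a rejected value is an assumption of this example.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Hypothetical helper: a locale name is usable only if it is non-empty
 * and contains no '/', so it can never name a file outside the system
 * locale directory. */
static int locale_name_is_safe(const char *name)
{
    return name != NULL && *name != '\0' && strchr(name, '/') == NULL;
}

/* POSIX precedence: LC_ALL, then the category variable, then LANG.
 * The first non-empty value wins; if it is unsafe we fall back to "C"
 * (an assumption of this example) instead of trying the next variable. */
static const char *pick_locale(const char *lc_all, const char *lc_cat,
                               const char *lang)
{
    const char *cand[3];
    size_t i;

    cand[0] = lc_all; cand[1] = lc_cat; cand[2] = lang;
    for (i = 0; i < 3; i++) {
        if (cand[i] != NULL && *cand[i] != '\0')
            return locale_name_is_safe(cand[i]) ? cand[i] : "C";
    }
    return "C";
}

/* Thin wrapper over the environment, e.g. locale_from_env("LC_MESSAGES"). */
static const char *locale_from_env(const char *category_var)
{
    return pick_locale(getenv("LC_ALL"), getenv(category_var), getenv("LANG"));
}

/* Caller-side half of the fix: a localized string is data, so it is
 * passed as an argument to a fixed "%s" format, never as the format. */
static int format_localized(char *dst, size_t n, const char *localized)
{
    return snprintf(dst, n, "%s", localized);
}

int main(void)
{
    char buf[64];

    format_localized(buf, sizeof buf, "disk at %d%% (constructed sample)");
    printf("locale=%s msg=%s\n", locale_from_env("LC_MESSAGES"), buf);
    return 0;
}
```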