author Florian Weimer <fweimer@redhat.com> 2014-05-12 15:24:12 +0200
committer Florian Weimer <fweimer@redhat.com> 2014-07-10 16:29:55 +0200
commit 4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3
tree 9d423c33dd357da456df66249c30e086f25fb0dd /ChangeLog
parent d183645616b0533b3acee28f1a95570bffbdf50f
_nl_find_locale: Improve handling of crafted locale names [BZ #17137]
Prevent directory traversal in locale-related environment variables (CVE-2014-0475).
Diffstat (limited to 'ChangeLog')
-rw-r--r-- ChangeLog 9
1 files changed, 9 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog
index 5767e5c735..5ab0234b6e 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -1,5 +1,14 @@
2014-07-02 Florian Weimer <fweimer@redhat.com>
+ [BZ #17137]
+ * locale/findlocale.c (name_present, valid_locale_name): New
+ functions.
+ (_nl_find_locale): Use the loc_name variable to store name
+ candidates. Call name_present and valid_locale_name to check and
+ validate locale names. Return an error if the locale is invalid.
+
+2014-07-02 Florian Weimer <fweimer@redhat.com>
+
* locale/setlocale.c (setlocale): Use strdup for allocating
composite name copy.
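
Review bot: The new entry under [BZ #17137] does not carry the CVE identifier that the commit message names (CVE-2014-0475); adding it next to the bug number would let anyone searching ChangeLog for the CVE land on this fix. The line "Return an error if the locale is invalid" also leaves open what valid_locale_name rejects; since the commit message describes the change as preventing directory traversal, a short phrase stating the rule would make the entry self-explanatory. Only locale/findlocale.c is listed, so if a regression test for crafted locale names accompanies the change, it should be recorded in this entry as well.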