From 3081378bb23b20ff12e30204ef324183d38d3482 Mon Sep 17 00:00:00 2001
From: Ulrich Drepper
Date: Tue, 19 May 1998 16:13:05 +0000
Subject: Update.
1998-05-19 15:58 Ulrich Drepper
* elf/rtld.c (process_envvars): Fix typo. Don't handle LD_PROFILE_OUTPUT in SUID binaries.
* intl/dcgettext.c: In SUID binaries don't let language part of locale value contain path elements.
* intl/explodename.h: Define new function _nl_find_language.
* intl/loadinfo.h: Declare _nl_find_language.
* locale/findlocale.c (_nl_find_locale): Use _nl_find_locale to get language part it drop the value is path element is contained.
* locale/setlocale.c: Fix typo.
1998-05-18 Philip Blundell
* sysdeps/unix/sysv/linux/arm/socket.S: Correct handling of arguments.
* sysdeps/arm/strlen.S: Support both big and little endian processors.
* sysdeps/arm/sysdep.h (ALIGNARG): ELF .align directive uses a log, not a byte-count.
* sysdeps/unix/arm/sysdep.S (syscall_error): Use C_SYMBOL_NAME for a.out compatibility.
1998-05-19 Andreas Jaeger
* sysdeps/unix/bsd/vax/vfork.S: Fix the "the the" problems.
* sysdeps/unix/bsd/sun/m68k/vfork.S: Likewise.
* sysdeps/unix/bsd/hp/m68k/vfork.S: Likewise.
* posix/unistd.h: Likewise.
* math/math.h: Likewise.
* manual/users.texi (Manipulating the Database): Likewise.
* manual/signal.texi (Job Control Signals): Likewise.
* manual/message.texi (The gencat program): Likewise.
* manual/filesys.texi (Hard Links): Likewise.
* manual/math.texi (SVID Random): Likewise.
* manual/llio.texi (Waiting for I/O): Likewise.
* manual/io.texi (File Name Errors): Likewise.
* manual/conf.texi (String Parameters): Likewise.
* manual/arith.texi (Infinity): Likewise.
* malloc/malloc.c: Likewise.
* hurd/hurdsig.c (_hurd_internal_post_signal): Likewise.
* csu/Makefile: Likewise.
---
 locale/findlocale.c | 9 +++++++--
 locale/setlocale.c | 4 ++--
 2 files changed, 9 insertions(+), 4 deletions(-)
(limited to 'locale')
diff --git a/locale/findlocale.c b/locale/findlocale.c
index b651dbaaad..e2fdd06f6d 100644
--- a/locale/findlocale.c
+++ b/locale/findlocale.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996, 1997 Free Software Foundation, Inc.
+/* Copyright (C) 1996, 1997, 1998 Free Software Foundation, Inc.
 This file is part of the GNU C Library.
 Contributed by Ulrich Drepper , 1996.
@@ -20,6 +20,7 @@
 #include
 #include
 #include
+#include
 #include
 #include "localeinfo.h"
@@ -51,7 +52,11 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len,
 const char *revision;
 struct loaded_l10nfile *locale_file;
- if ((*name)[0] == '\0')
+ if ((*name)[0] == '\0'
+ /* In SUID binaries we must not allow people to access files
+ outside the dedicated locale directories. */
+ || (__libc_enable_secure
+ && memchr (*name, '/', _nl_find_language (*name) - *name) != NULL))
 {
 /* The user decides which locale to use by setting environment variables. */
diff --git a/locale/setlocale.c b/locale/setlocale.c
index 33599c64db..4b6a300481 100644
--- a/locale/setlocale.c
+++ b/locale/setlocale.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1991, 1992, 1995, 1996, 1997 Free Software Foundation, Inc.
+/* Copyright (C) 1991, 92, 95, 96, 97, 98 Free Software Foundation, Inc.
 This file is part of the GNU C Library.
 The GNU C Library is free software; you can redistribute it and/or
@@ -360,7 +360,7 @@ setlocale (int category, const char *locale)
 /* We must not simply free a global locale since we have no control over the usage. So we mark it as un-deletable.
- Note: do ont remove the `if', it's necessary to copy with
+ Note: do not remove the `if', it's necessary to copy with
 the builtin locale data. */
 if (newdata->usage_count != UNDELETABLE)
 newdata->usage_count = UNDELETABLE;
-- cgit v1.2.3-70-g09d2
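Review bot: The SUID guard added to the first `if` in the `_nl_find_locale` hunk of locale/findlocale.c bounds its `memchr` at the pointer returned by `_nl_find_language (*name)`, so a `/` that appears after what the commit message calls the language part is not examined by this condition. Unless every later component of the name is known never to reach a file name, testing the whole string is the safer form, e.g. `|| (__libc_enable_secure && strchr (*name, '/') != NULL))`. A rejected name also falls into the branch whose comment says the locale is then chosen from environment variables, which are equally under the invoking user's control in a SUID program; the body of that branch lies outside the hunk, so it should be confirmed that the value picked there receives the same `/` check before it is used to build a path. The new comment would also help the next reader if it said which part of the name is checked, for instance `/* In SUID binaries reject a name containing '/' so that only the dedicated locale directories are searched.  */`.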