Fix yet another buffer overflow. :-(

Vulnerable: all programs that use setlocale(LC_COLLATE), setlocale(LC_CTYPE), or setlocale(LC_ALL). The only setuid/setgid binary i've found for this is w(1). Should go into 2.2.
author: joerg <joerg@FreeBSD.org> 1996-12-16 17:32:58 +0000
committer: joerg <joerg@FreeBSD.org> 1996-12-16 17:32:58 +0000
commit: 971f474616993e9b2e653a649d0457ae5f2d1440 (patch)
tree: 5ecf058a45e73b7f913b30d3bd213de9e9221803 /lib/libc/locale/collate.c
parent: 9c54862a3510bbc916453d7fe374a0f6a715bed5 (diff)
download: FreeBSD-src-971f474616993e9b2e653a649d0457ae5f2d1440.zip
FreeBSD-src-971f474616993e9b2e653a649d0457ae5f2d1440.tar.gz
1 files changed, 3 insertions, 5 deletions
diff --git a/lib/libc/locale/collate.c b/lib/libc/locale/collate.c
index a74a1a3..79e410c 100644
--- a/lib/libc/locale/collate.c
+++ b/lib/libc/locale/collate.c
@@ -24,7 +24,7 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $Id: collate.c,v 1.8 1996/10/23 15:35:43 ache Exp $
+ * $Id: collate.c,v 1.9 1996/11/26 02:49:31 ache Exp $
  */
 
 #include <rune.h>
@@ -73,10 +73,8 @@ __collate_load_tables(encoding)
 		__collate_load_error = save_load_error;
 		return -1;
 	}
-	strcpy(buf, _PathLocale);
-	strcat(buf, "/");
-	strcat(buf, encoding);
-	strcat(buf, "/LC_COLLATE");
+	(void) snprintf(buf, sizeof buf, "%s/%s/LC_COLLATE",
+			_PathLocale, encoding);
 	if ((fp = fopen(buf, "r")) == NULL) {
 		__collate_load_error = save_load_error;
 		return -1;
author	joerg <joerg@FreeBSD.org>	1996-12-16 17:32:58 +0000
committer	joerg <joerg@FreeBSD.org>	1996-12-16 17:32:58 +0000
commit	971f474616993e9b2e653a649d0457ae5f2d1440 (patch)
tree	5ecf058a45e73b7f913b30d3bd213de9e9221803 /lib/libc/locale/collate.c
parent	9c54862a3510bbc916453d7fe374a0f6a715bed5 (diff)
download	FreeBSD-src-971f474616993e9b2e653a649d0457ae5f2d1440.zip FreeBSD-src-971f474616993e9b2e653a649d0457ae5f2d1440.tar.gz