Disallow '/' characters in LC_* environment variables which might

be used to point to a bad locale file. This is only believed to be a minor security risk - the only risk is if some program uses the result of a localized string as a format specifier in a vulnerable function like sprintf(). No such code is believed to exist in the FreeBSD base system, although it is possible that badly written third party code would do that. Submitted by: imp Approved by: ache
author: kris <kris@FreeBSD.org> 2000-09-08 07:29:48 +0000
committer: kris <kris@FreeBSD.org> 2000-09-08 07:29:48 +0000
commit: a1158cce42b1187020cae51851c33732abf6f175 (patch)
tree: 5be7eba4d808c4f9fa1e80d7f17f15eb9036c807 /lib/libc/locale
parent: 5d888c38ed264f8b0de18f8fee1b728c7f78ef80 (diff)
download: FreeBSD-src-a1158cce42b1187020cae51851c33732abf6f175.zip
FreeBSD-src-a1158cce42b1187020cae51851c33732abf6f175.tar.gz
1 files changed, 1 insertions, 1 deletions
diff --git a/lib/libc/locale/setlocale.c b/lib/libc/locale/setlocale.c
index daea2bc..cba6a53 100644
--- a/lib/libc/locale/setlocale.c
+++ b/lib/libc/locale/setlocale.c
@@ -129,7 +129,7 @@ setlocale(category, locale)
 		if (!env || !*env)
 			env = getenv("LANG");
 
-		if (!env || !*env)
+		if (!env || !*env || strchr(env, '/'))
 			env = "C";
 
 		(void) strncpy(new_categories[category], env, ENCODING_LEN);
author	kris <kris@FreeBSD.org>	2000-09-08 07:29:48 +0000
committer	kris <kris@FreeBSD.org>	2000-09-08 07:29:48 +0000
commit	a1158cce42b1187020cae51851c33732abf6f175 (patch)
tree	5be7eba4d808c4f9fa1e80d7f17f15eb9036c807 /lib/libc/locale
parent	5d888c38ed264f8b0de18f8fee1b728c7f78ef80 (diff)
download	FreeBSD-src-a1158cce42b1187020cae51851c33732abf6f175.zip FreeBSD-src-a1158cce42b1187020cae51851c33732abf6f175.tar.gz