Add rcsid[]

Since locale reading code not resistent against stack overflowing or
similar intruder attacks, don't allow PATH_LOCALE env variable action
for s-bit programs (non-standard locale path setting)

1 files changed, 19 insertions, 13 deletions

diff --git a/lib/libc/locale/setlocale.c b/lib/libc/locale/setlocale.c
index 85cedb8..7510a2a 100644
--- a/lib/libc/locale/setlocale.c
+++ b/lib/libc/locale/setlocale.c
@@ -33,19 +33,26 @@
  * OUT OF THE USE OF THIS SOFTWARE, EVEN IF ADVISED OF THE POSSIBILITY OF
  * SUCH DAMAGE.
  *
- * $Id$
+ * $Id: setlocale.c,v 1.10 1996/11/26 08:00:17 ache Exp $
  */
 
+#ifdef LIBC_RCS
+static const char rcsid[] =
+	"$Id$";
+#endif
+
 #if defined(LIBC_SCCS) && !defined(lint)
 static char sccsid[] = "@(#)setlocale.c	8.1 (Berkeley) 7/4/93";
 #endif /* LIBC_SCCS and not lint */
 
+#include <sys/types.h>
+#include <sys/stat.h>
 #include <limits.h>
 #include <locale.h>
 #include <rune.h>
 #include <stdlib.h>
 #include <string.h>
-#include <sys/stat.h>
+#include <unistd.h>
 #include "collate.h"
 
 /*
@@ -225,22 +232,21 @@ loadlocale(category)
 	char *new = new_categories[category];
 	char *old = current_categories[category];
 
-	if (strcmp(new, old) == 0)
-		return (old);
-
-	if (   !_PathLocale
-	    && strcmp(new, "C") && strcmp(new, "POSIX")
-	   ) {
-		char *pl = getenv("PATH_LOCALE");
-
-		if (!pl)
+	if (!_PathLocale) {
+		if (   !(ret = getenv("PATH_LOCALE"))
+		    || getuid() != geteuid()
+		    || getgid() != getegid()
+		   )
 			_PathLocale = _PATH_LOCALE;
-		else if (   strlen(pl) + 45 > PATH_MAX
-			 || !(_PathLocale = strdup(pl))
+		else if (   strlen(ret) + 45 > PATH_MAX
+			 || !(_PathLocale = strdup(ret))
 			)
 			return (NULL);
 	}
 
+	if (strcmp(new, old) == 0)
+		return (old);
+
 	if (category == LC_CTYPE) {
 #ifdef XPG4
 		ret = _xpg4_setrunelocale(new) ? NULL : new;