From owner-freebsd-audit Sun Aug 6 22:32:25 2000 Delivered-To: freebsd-audit@freebsd.org Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id 78AF037B709; Sun, 6 Aug 2000 22:32:22 -0700 (PDT) (envelope-from kris@FreeBSD.org) Received: from localhost (kris@localhost) by freefall.freebsd.org (8.9.3/8.9.2) with ESMTP id WAA08658; Sun, 6 Aug 2000 22:32:22 -0700 (PDT) (envelope-from kris@FreeBSD.org) X-Authentication-Warning: freefall.freebsd.org: kris owned process doing -bs Date: Sun, 6 Aug 2000 22:32:22 -0700 (PDT) From: Kris Kennaway To: Mike Heffner Cc: Kris Kennaway , audit@freebsd.org Subject: RE: catopen() patch In-Reply-To: Message-ID: MIME-Version: 1.0 Content-Type: TEXT/PLAIN; charset=US-ASCII Sender: owner-freebsd-audit@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.ORG On Sat, 5 Aug 2000, Mike Heffner wrote: > We can still walk right off the end. Right you are! This isn't such a big deal since $NLSPATH isn't read if we;re setugid, but how does this patch look (relative to the one I already committed): Index: msgcat.c =================================================================== RCS file: /home/ncvs/src/lib/libc/nls/msgcat.c,v retrieving revision 1.22 diff -u -r1.22 msgcat.c --- msgcat.c 2000/08/05 04:56:43 1.22 +++ msgcat.c 2000/08/07 05:28:46 @@ -124,13 +124,14 @@ strcpy(cptr, nlspath); cptr[len] = ':'; cptr[len+1] = '\0'; + spcleft = sizeof(path); for (nlspath = cptr; *cptr; ++cptr) { if (*cptr == ':') { *cptr = '\0'; - for (pathP = path; *nlspath; ++nlspath) { + for (pathP = path; *nlspath && spcleft > 0; ++nlspath) { + spcleft = sizeof(path) - (pathP - path); if (*nlspath == '%') { - spcleft = sizeof(path) - (pathP - path); if (*(nlspath + 1) == 'L') { ++nlspath; if (strlcpy(pathP, lang, spcleft) >= spcleft) { Kris -- In God we Trust -- all others must submit an X.509 certificate. -- Charles Forsythe To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-audit" in the body of the message