Date:      Mon, 3 Feb 1997 04:08:55 -0500 (EST)
From:      spork <spork@super-g.com>
To:        Dan Cross <tenser@spitfire.ecsel.psu.edu>
Cc:        freebsd-security@freebsd.org
Subject:   Re: Critical Security Problem in 4.4BSD crt0 
Message-ID:  <Pine.BSF.3.95.970203040747.18920A-100000@super-g.inch.com>
In-Reply-To: <19970203074835.13187.qmail@spitfire.ecsel.psu.edu>

What would happen if the "safe" 2.2 library were used under 2.1.6?  It
certainly compiles OK...  Or am I smoking crack here?

Charles


On Mon, 3 Feb 1997, Dan Cross wrote:

> > Question: Does this problem in 2.1.5 appear in 2.1.6 or 2.1.6.1?  Since the 
> > libraries are similar, my guess without comparing code is that the bug
> > is there.
> 
> yes, the bug does indeed appear in 2.1.6, at least.  Here's an untested
> patch which SHOULD fix the problem, though:
> 
> ----- Begin startup_setlocale.diff
> *** startup_setlocale.c	1997/02/03 07:40:46	1.1
> --- startup_setlocale.c	1997/02/03 07:41:47
> ***************
> *** 174,183 ****
>   		return(0);
>   	}
>   
> ! 	(void) strcpy(name, PathLocale);
> ! 	(void) strcat(name, "/");
> ! 	(void) strcat(name, encoding);
> ! 	(void) strcat(name, "/LC_CTYPE");
>   
>   	if ((fp = fopen(name, "r")) == NULL)
>   		return(ENOENT);
> --- 174,181 ----
>   		return(0);
>   	}
>   
> ! 	(void) snprintf(name,
> ! 		PATH_MAX, "%s/%s/LC_CTYPE", PathLocale, encoding);
>   
>   	if ((fp = fopen(name, "r")) == NULL)
>   		return(ENOENT);
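Review bot: the `(void) snprintf(name, PATH_MAX, "%s/%s/LC_CTYPE", PathLocale, encoding)` call discards the return value, so a PathLocale/encoding pair longer than PATH_MAX-1 is silently truncated and the truncated path is then handed to fopen(); check the result and bail out (for example `if (n < 0 || n >= PATH_MAX) return(ENAMETOOLONG);`) before the fopen(). Since the buffer is bounded now, also consider `sizeof(name)` instead of the literal PATH_MAX if `name` is a local array, so the bound cannot drift from the declaration.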
> -----  End of startup_setlocale.diff
> 
> Note that there might be more problems, but I haven't got the time
> to test for them right now.  :-(
> 
> 	- Dan C.
> 
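The patch quoted above replaces the unbounded strcpy/strcat sequence with a bounded snprintf. The following is an added example, not code from this thread or from the FreeBSD tree, showing the same bounded construction together with the truncation check the patch omits; `build_ctype_path`, `old_code_overflow_bytes` and `sample_long_encoding` are hypothetical helper names, and the path and encoding values are constructed for the example.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 1024
#endif

/* Hypothetical helper (not from the thread): build "<path_locale>/<encoding>/LC_CTYPE"
 * into buf without ever returning a silently truncated path.
 * Returns 0 on success, ENAMETOOLONG if the result would not fit, EINVAL on
 * an snprintf failure. */
int build_ctype_path(char *buf, size_t bufsz,
                     const char *path_locale, const char *encoding)
{
    int n = snprintf(buf, bufsz, "%s/%s/LC_CTYPE", path_locale, encoding);
    if (n < 0)
        return EINVAL;
    if ((size_t)n >= bufsz) {
        buf[0] = '\0';          /* do not leave a half-built path behind */
        return ENAMETOOLONG;
    }
    return 0;
}

/* Arithmetic only: how many bytes the unpatched strcpy/strcat sequence would
 * have written beyond a PATH_MAX buffer for these inputs (0 if it fits).
 * Nothing is written anywhere; this just quantifies the risk. */
size_t old_code_overflow_bytes(const char *path_locale, const char *encoding)
{
    size_t need = strlen(path_locale) + 1 + strlen(encoding)
                + strlen("/LC_CTYPE") + 1;   /* '/' separator and NUL */
    return need > PATH_MAX ? need - PATH_MAX : 0;
}

/* Constructed sample: an encoding name longer than PATH_MAX itself. */
const char *sample_long_encoding(void)
{
    static char longenc[PATH_MAX + 16];
    memset(longenc, 'A', sizeof longenc - 1);
    longenc[sizeof longenc - 1] = '\0';
    return longenc;
}

int main(void)
{
    char name[PATH_MAX];
    const char *pl = "/usr/share/locale";   /* constructed sample value */

    printf("normal:    rc=%d path=%s\n",
           build_ctype_path(name, sizeof name, pl, "en_US.ISO_8859-1"), name);
    printf("oversized: rc=%d (old code would have overflowed by %zu bytes)\n",
           build_ctype_path(name, sizeof name, pl, sample_long_encoding()),
           old_code_overflow_bytes(pl, sample_long_encoding()));
    return 0;
}
```

The second call shows the behaviour the patch alone does not give you: instead of a truncated path reaching fopen(), the caller gets ENAMETOOLONG and an empty buffer.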
