From owner-freebsd-security Wed Feb 5 12:10:46 1997 Return-Path: Received: (from root@localhost) by freefall.freebsd.org (8.8.5/8.8.5) id MAA08190 for security-outgoing; Wed, 5 Feb 1997 12:10:46 -0800 (PST) Received: from Mailbox.mcs.com (Mailbox.mcs.com [192.160.127.87]) by freefall.freebsd.org (8.8.5/8.8.5) with ESMTP id MAA08181; Wed, 5 Feb 1997 12:10:35 -0800 (PST) Received: from Jupiter.Mcs.Net (karl@Jupiter.mcs.net [192.160.127.88]) by Mailbox.mcs.com (8.8.5/8.8.2) with ESMTP id OAA21699; Wed, 5 Feb 1997 14:10:34 -0600 (CST) Received: (from karl@localhost) by Jupiter.Mcs.Net (8.8.5/8.8.2) id OAA11914; Wed, 5 Feb 1997 14:10:33 -0600 (CST) From: Karl Denninger Message-Id: <199702052010.OAA11914@Jupiter.Mcs.Net> Subject: REPLACE LAST MESSAGE REGARDING PATCHES - I posted the wrong file To: karl@Mcs.Net (Karl Denninger) Date: Wed, 5 Feb 1997 14:10:33 -0600 (CST) Cc: tqbf@enteract.com, karl@Mcs.Net, freebsd-security@freebsd.org, current@freebsd.org In-Reply-To: <199702052006.OAA11778@Jupiter.Mcs.Net> from "Karl Denninger" at Feb 5, 97 02:06:13 pm X-Mailer: ELM [version 2.4 PL24] Content-Type: text Sender: owner-security@freebsd.org X-Loop: FreeBSD.org Precedence: bulk Blargh! Wrong file included. These DO compile; again, they are currently UNDER TEST. *** collate.c Wed Feb 5 14:08:43 1997 --- collate.c.orig Wed Feb 5 13:26:08 1997 *************** *** 74,83 **** return -1; } /* Range checking already done at upper level caller */ ! (void) strncpy(buf, _PathLocale, (PATH_MAX - 1)); ! (void) strncat(buf, "/", (PATH_MAX - (2 + strlen(buf)))); ! (void) strncat(buf, encoding, (PATH_MAX - (1 + strlen(buf)))); ! (void) strncat(buf, "/LC_COLLATE", (PATH_MAX - (1 + strlen(buf)))); if ((fp = fopen(buf, "r")) == NULL) { __collate_load_error = save_load_error; return -1; --- 74,83 ---- return -1; } /* Range checking already done at upper level caller */ ! (void) strcpy(buf, _PathLocale); ! (void) strcat(buf, "/"); ! (void) strcat(buf, encoding); ! (void) strcat(buf, "/LC_COLLATE"); if ((fp = fopen(buf, "r")) == NULL) { __collate_load_error = save_load_error; return -1; *** setlocale.c Wed Feb 5 14:07:23 1997 --- setlocale.c.orig Wed Feb 5 13:26:12 1997 *************** *** 106,119 **** int i, j, len; char *env, *r; - /* - * KSD - If we're setuid or setgid, or root, ignore this and return - * instantly 2/5/97 - */ - if ((geteuid() != getuid()) || (getegid() != getgid()) || !geteuid()) { - return(NULL); - } - if (category < LC_ALL || category >= _LC_LAST) return (NULL); --- 106,111 ---- *************** *** 124,133 **** /* * Default to the current locale for everything. */ ! for (i = 1; i < _LC_LAST; ++i) { ! (void)strncpy(new_categories[i], current_categories[i], 31); ! new_categories[i][31] = 0; ! } /* * Now go fill up new_categories from the locale argument --- 116,123 ---- /* * Default to the current locale for everything. */ ! for (i = 1; i < _LC_LAST; ++i) ! (void)strcpy(new_categories[i], current_categories[i]); /* * Now go fill up new_categories from the locale argument *************** *** 176,199 **** ++locale; while (*++r && *r != '/'); } while (*locale); ! while (i < _LC_LAST) { ! (void)strncpy(new_categories[i], ! new_categories[i-1], 31); ! new_categories[i][31] = 0; ! } } } if (category) return (loadlocale(category)); for (i = 1; i < _LC_LAST; ++i) { ! (void)strncpy(saved_categories[i], current_categories[i], 31); ! saved_categories[i][31] = 0; if (loadlocale(i) == NULL) { for (j = 1; j < i; j++) { ! (void)strncpy(new_categories[j], ! saved_categories[j], 31); ! new_categories[j][31] = 0; /* XXX can fail too */ (void)loadlocale(j); } --- 166,186 ---- ++locale; while (*++r && *r != '/'); } while (*locale); ! while (i < _LC_LAST) ! (void)strcpy(new_categories[i], ! new_categories[i-1]); } } + if (category) return (loadlocale(category)); for (i = 1; i < _LC_LAST; ++i) { ! (void)strcpy(saved_categories[i], current_categories[i]); if (loadlocale(i) == NULL) { for (j = 1; j < i; j++) { ! (void)strcpy(new_categories[j], ! saved_categories[j]); /* XXX can fail too */ (void)loadlocale(j); } *************** *** 218,226 **** currentlocale() { int i; - /* - * Bounds already checked on current_categories; can't overflow - KSD 2/5/97 - */ (void)strcpy(current_locale_string, current_categories[1]); --- 205,210 ---- *** setrunelocale.c Wed Feb 5 14:08:18 1997 --- setrunelocale.c.orig Wed Feb 5 13:26:22 1997 *************** *** 86,96 **** if (!_PathLocale) return(EFAULT); /* Range checking already done at upper level caller */ ! (void) strncpy(name, _PathLocale, (PATH_MAX - 1)); ! name[PATH_MAX - 1] = 0; (void) strcat(name, "/"); ! (void) strncat(name, encoding, (PATH_MAX - (2 + strlen(name)))); ! (void) strncat(name, "/LC_CTYPE", (PATH_MAX - (2 + strlen(name)))); if ((fp = fopen(name, "r")) == NULL) return(ENOENT); --- 86,95 ---- if (!_PathLocale) return(EFAULT); /* Range checking already done at upper level caller */ ! (void) strcpy(name, _PathLocale); (void) strcat(name, "/"); ! (void) strcat(name, encoding); ! (void) strcat(name, "/LC_CTYPE"); if ((fp = fopen(name, "r")) == NULL) return(ENOENT); --- -- Karl Denninger (karl@MCS.Net)| MCSNet - The Finest Internet Connectivity http://www.mcs.net/~karl | T1's from $600 monthly to FULL DS-3 Service | 99 Analog numbers, 77 ISDN, Web servers $75/mo Voice: [+1 312 803-MCS1 x219]| Email to "info@mcs.net" WWW: http://www.mcs.net/ Fax: [+1 773 248-9865] | 2 FULL DS-3 Internet links; 400Mbps B/W Internal