From owner-freebsd-audit  Mon Aug  7 15:56:14 2000
Delivered-To: freebsd-audit@freebsd.org
Received: from smtp1a.ispchannel.com (smtp.ispchannel.com [24.142.63.7])
	by hub.freebsd.org (Postfix) with ESMTP
	id 6119837BB62; Mon,  7 Aug 2000 15:56:11 -0700 (PDT)
	(envelope-from mheffner@mailandnews.com)
Received: from muriel.penguinpowered.com ([208.138.198.109])
          by smtp1a.ispchannel.com
          (InterMail vK.4.02.00.00 201-232-116 license 7d3764cdaca754bf8ae20adf0db2aa60)
          with ESMTP
          id <20000807225757.CMKF8223.smtp1a@muriel.penguinpowered.com>;
          Mon, 7 Aug 2000 15:57:57 -0700
Content-Length: 2246
Message-ID: <XFMail.20000807185503.mheffner@mailandnews.com>
X-Mailer: XFMail 1.4.4 on FreeBSD
X-Priority: 3 (Normal)
Content-Type: text/plain; charset=us-ascii
Content-Transfer-Encoding: 8bit
MIME-Version: 1.0
In-Reply-To: <Pine.BSF.4.21.0008062231250.6484-100000@freefall.freebsd.org>
Date: Mon, 07 Aug 2000 18:55:03 -0400 (EDT)
Reply-To: Mike Heffner <spock@techfour.net>
From: Mike Heffner <mheffner@mailandnews.com>
To: Kris Kennaway <kris@FreeBSD.org>
Subject: RE: catopen() patch
Cc: audit@freebsd.org
Sender: owner-freebsd-audit@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.ORG

Well, I think we need to calculate spcleft at the end of each iteration, and
there needs to be one char left for the NULL. How does this patch look (against
rev. 1.22):

--- msgcat.c.orig       Mon Aug  7 18:42:28 2000
+++ msgcat.c    Mon Aug  7 18:51:42 2000
@@ -128,9 +128,10 @@
        for (nlspath = cptr; *cptr; ++cptr) {
            if (*cptr == ':') {
                *cptr = '\0';
-               for (pathP = path; *nlspath; ++nlspath) {
+               for (pathP = path, spcleft = sizeof(path);
+                        *nlspath && spcleft > 1;
+                        ++nlspath, spcleft = sizeof(path) - (pathP - path)) {
                    if (*nlspath == '%') {
-                       spcleft = sizeof(path) - (pathP - path);
                        if (*(nlspath + 1) == 'L') {
                            ++nlspath;
                            if (strlcpy(pathP, lang, spcleft) >= spcleft) {



On 07-Aug-2000 Kris Kennaway wrote:
|  
|  Right you are! This isn't such a big deal since $NLSPATH isn't read if
|  we;re setugid, but how does this patch look (relative to the one I
|  already committed):
|  
|  Index: msgcat.c
|  ===================================================================
|  RCS file: /home/ncvs/src/lib/libc/nls/msgcat.c,v
|  retrieving revision 1.22
|  diff -u -r1.22 msgcat.c
|  --- msgcat.c 2000/08/05 04:56:43     1.22
|  +++ msgcat.c 2000/08/07 05:28:46
|  @@ -124,13 +124,14 @@
|       strcpy(cptr, nlspath);
|       cptr[len] = ':';
|       cptr[len+1] = '\0';
|  +    spcleft = sizeof(path);
|   
|       for (nlspath = cptr; *cptr; ++cptr) {
|           if (*cptr == ':') {
|               *cptr = '\0';
|  -            for (pathP = path; *nlspath; ++nlspath) {
|  +            for (pathP = path; *nlspath && spcleft > 0; ++nlspath) {
|  +                spcleft = sizeof(path) - (pathP - path);
|                   if (*nlspath == '%') {
|  -                    spcleft = sizeof(path) - (pathP - path);
|                       if (*(nlspath + 1) == 'L') {
|                           ++nlspath;
|                           if (strlcpy(pathP, lang, spcleft) >= spcleft) {
|  


-- 
  Mike Heffner  <spock@techfour.net>
  Fredericksburg, VA     ICQ# 882073
  http://my.ispchannel.com/~mheffner


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-audit" in the body of the message