From owner-freebsd-security  Thu Aug  1 18:12:37 2002
Delivered-To: freebsd-security@freebsd.org
Received: from mx1.FreeBSD.org (mx1.FreeBSD.org [216.136.204.125])
	by hub.freebsd.org (Postfix) with ESMTP id 695FD37B400
	for <security@freebsd.org>; Thu,  1 Aug 2002 18:12:34 -0700 (PDT)
Received: from nagual.pp.ru (pobrecita.freebsd.ru [194.87.13.42])
	by mx1.FreeBSD.org (Postfix) with ESMTP id 6E83A43E7B
	for <security@freebsd.org>; Thu,  1 Aug 2002 18:12:33 -0700 (PDT)
	(envelope-from ache@pobrecita.freebsd.ru)
Received: from pobrecita.freebsd.ru (ache@localhost [127.0.0.1])
	by nagual.pp.ru (8.12.5/8.12.5) with ESMTP id g721CSDG006483
	for <security@freebsd.org>; Fri, 2 Aug 2002 05:12:30 +0400 (MSD)
	(envelope-from ache@pobrecita.freebsd.ru)
Received: (from ache@localhost)
	by pobrecita.freebsd.ru (8.12.5/8.12.5/Submit) id g721CRAJ006482
	for security@freebsd.org; Fri, 2 Aug 2002 05:12:27 +0400 (MSD)
	(envelope-from ache)
Date: Fri, 2 Aug 2002 05:12:26 +0400
From: "Andrey A. Chernov" <ache@nagual.pp.ru>
To: security@freebsd.org
Subject: [ache@FreeBSD.org: cvs commit: src/lib/libc/locale setlocale.c]
Message-ID: <20020802011225.GA6411@nagual.pp.ru>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.5.1i
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Please fill security advisory for this fix (first part). That original BSD
code bug can be exploitable.

----- Forwarded message from "Andrey A. Chernov" <ache@FreeBSD.org> -----

Date: Thu, 1 Aug 2002 18:04:49 -0700 (PDT)
From: "Andrey A. Chernov" <ache@FreeBSD.org>
Subject: cvs commit: src/lib/libc/locale setlocale.c
To: cvs-committers@FreeBSD.org, cvs-all@FreeBSD.org

ache        2002/08/01 18:04:49 PDT

  Modified files:
    lib/libc/locale      setlocale.c 
  Log:
  Prevent out of bounds writting for too many slashes case.
  Replace strnpy + ='\0' with strlcpy
  
  MFC after:      1 day
  
  Revision  Changes    Path
  1.35      +10 -14    src/lib/libc/locale/setlocale.c

----- End forwarded message -----

-- 
Andrey A. Chernov
http://ache.pp.ru/

To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message