Bugtraq mailing list archives

Re: Critical Security Problem in 4.4BSD crt0


From: tenser () SPITFIRE ECSEL PSU EDU (Dan Cross)
Date: Mon, 3 Feb 1997 02:48:34 -0500


Question: Does this problem in 2.1.5 appear in 2.1.6 or 2.1.6.1?  Since the
libraries are similar, my guess without comparing code is that the bug
is there.

Yes, the bug does indeed appear in 2.1.6, at least.  Here's an untested
patch which SHOULD fix the problem, though:

----- Begin startup_setlocale.diff
*** startup_setlocale.c 1997/02/03 07:40:46     1.1
--- startup_setlocale.c 1997/02/03 07:41:47
***************
*** 174,183 ****
                return(0);
        }

!       (void) strcpy(name, PathLocale);
!       (void) strcat(name, "/");
!       (void) strcat(name, encoding);
!       (void) strcat(name, "/LC_CTYPE");

        if ((fp = fopen(name, "r")) == NULL)
                return(ENOENT);
--- 174,181 ----
                return(0);
        }

!       (void) snprintf(name,
!               PATH_MAX, "%s/%s/LC_CTYPE", PathLocale, encoding);

        if ((fp = fopen(name, "r")) == NULL)
                return(ENOENT);
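Review bot: the new side of the hunk (`--- 174,181 ----`) passes the literal `PATH_MAX` as the size, but the declaration of `name` lies outside this hunk, so nothing shown guarantees the buffer actually holds PATH_MAX bytes; pass `sizeof(name)` if it is an array. The `(void)` cast also discards the one value that tells you the bounded copy did not fit: a return of `PATH_MAX` or more means the path was silently truncated, and the unchanged `fopen(name, "r")` that follows would then open a clipped path rather than fail. Suggest `n = snprintf(name, sizeof(name), "%s/%s/LC_CTYPE", PathLocale, encoding);` followed by `if (n < 0 || n >= sizeof(name)) return(ENAMETOOLONG);` so an over-long `encoding` is rejected instead of being opened.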
-----  End of startup_setlocale.diff

Note that there might be more problems, but I haven't got the time
to test for them right now.  :-(

        - Dan C.
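As an added example that is not part of Dan Cross's post and not FreeBSD's startup_setlocale.c, the following C builds the same "<PathLocale>/<encoding>/LC_CTYPE" string with snprintf() but treats truncation as an error, which a bare `(void) snprintf` does not do: an encoding that does not fit yields ENAMETOOLONG and an empty buffer rather than a clipped path handed to fopen(). It also computes how many bytes the original strcpy()/strcat() sequence would have written, to make the overrun concrete. The names path_locale, lc_ctype_path_len, build_lc_ctype_path and the demo_* helpers are this example's own, the PathLocale value is assumed, and the over-long encoding is constructed.

```c
/*
 * Added example (not from the post above and not FreeBSD's
 * startup_setlocale.c): build "<PathLocale>/<encoding>/LC_CTYPE" into a
 * fixed buffer the way the patched code does, but report truncation to the
 * caller instead of letting a clipped path reach fopen(). path_locale,
 * lc_ctype_path_len, build_lc_ctype_path and the demo_* helpers are this
 * example's own names; the encoding strings below are constructed.
 */
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <string.h>

#ifndef PATH_MAX
#define PATH_MAX 1024
#endif

/* Stand-in for the PathLocale global of the original file (assumed value). */
static const char *path_locale = "/usr/share/locale";

/*
 * Bytes the original strcpy()/strcat() sequence writes into name[], NUL
 * included. The original never computes this, so an encoding longer than
 * the buffer (it comes from the environment) simply overruns it.
 */
size_t lc_ctype_path_len(const char *dir, const char *encoding)
{
	return strlen(dir) + 1 + strlen(encoding) + strlen("/LC_CTYPE") + 1;
}

/*
 * Bounded replacement. Returns 0 on success, EINVAL on a NULL argument or
 * empty buffer, ENAMETOOLONG if the path would not fit (buf is then set to
 * "" so a caller that ignores the result still cannot open a clipped path).
 */
int build_lc_ctype_path(char *buf, size_t bufsz, const char *dir,
			const char *encoding)
{
	int n;

	if (buf == NULL || bufsz == 0 || dir == NULL || encoding == NULL)
		return EINVAL;
	n = snprintf(buf, bufsz, "%s/%s/LC_CTYPE", dir, encoding);
	if (n < 0 || (size_t)n >= bufsz) {	/* snprintf() truncated */
		buf[0] = '\0';
		return ENAMETOOLONG;
	}
	return 0;
}

/* --- demo helpers; the inputs below are constructed for the example --- */

static char demo_buf[PATH_MAX];

/* A realistic encoding name fits. */
int demo_ok_rc(void)
{
	return build_lc_ctype_path(demo_buf, sizeof demo_buf, path_locale,
				   "ISO8859-1");
}

const char *demo_ok_path(void)
{
	return demo_ok_rc() == 0 ? demo_buf : "";
}

/* An encoding longer than PATH_MAX, as a hostile environment could supply. */
static const char *long_encoding(void)
{
	static char enc[PATH_MAX + 17];

	memset(enc, 'A', sizeof enc - 1);
	enc[sizeof enc - 1] = '\0';
	return enc;
}

/* The bounded builder rejects it instead of clipping it. */
int demo_long_rc(void)
{
	return build_lc_ctype_path(demo_buf, sizeof demo_buf, path_locale,
				   long_encoding());
}

/* How far the unchecked version would have written past a PATH_MAX buffer. */
size_t demo_long_overrun(void)
{
	size_t need = lc_ctype_path_len(path_locale, long_encoding());

	return need > PATH_MAX ? need - PATH_MAX : 0;
}

int main(void)
{
	printf("ok:   rc=%d path=%s\n", demo_ok_rc(), demo_buf);
	printf("long: rc=%d (ENAMETOOLONG=%d) buf=\"%s\" unchecked overrun=%zu bytes\n",
	       demo_long_rc(), ENAMETOOLONG, demo_buf, demo_long_overrun());
	return 0;
}
```

The point of returning ENAMETOOLONG rather than letting fopen() fail on its own is that a truncated path is not guaranteed to fail: cut at the right place it can name a directory or file that exists, so the locale loader should fail closed on truncation itself.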


