diff options
Diffstat (limited to 'locale')
-rw-r--r-- | locale/findlocale.c | 9 | ||||
-rw-r--r-- | locale/setlocale.c | 4 |
2 files changed, 9 insertions, 4 deletions
diff --git a/locale/findlocale.c b/locale/findlocale.c index b651dba..e2fdd06 100644 --- a/locale/findlocale.c +++ b/locale/findlocale.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1996, 1997 Free Software Foundation, Inc. +/* Copyright (C) 1996, 1997, 1998 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1996. @@ -20,6 +20,7 @@ #include <locale.h> #include <stdlib.h> #include <string.h> +#include <unistd.h> #include <sys/mman.h> #include "localeinfo.h" @@ -51,7 +52,11 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len, const char *revision; struct loaded_l10nfile *locale_file; - if ((*name)[0] == '\0') + if ((*name)[0] == '\0' + /* In SUID binaries we must not allow people to access files + outside the dedicated locale directories. */ + || (__libc_enable_secure + && memchr (*name, '/', _nl_find_language (*name) - *name) != NULL)) { /* The user decides which locale to use by setting environment variables. */ diff --git a/locale/setlocale.c b/locale/setlocale.c index 33599c6..4b6a300 100644 --- a/locale/setlocale.c +++ b/locale/setlocale.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1991, 1992, 1995, 1996, 1997 Free Software Foundation, Inc. +/* Copyright (C) 1991, 92, 95, 96, 97, 98 Free Software Foundation, Inc. This file is part of the GNU C Library. The GNU C Library is free software; you can redistribute it and/or @@ -360,7 +360,7 @@ setlocale (int category, const char *locale) /* We must not simply free a global locale since we have no control over the usage. So we mark it as un-deletable. - Note: do ont remove the `if', it's necessary to copy with + Note: do not remove the `if', it's necessary to copy with the builtin locale data. */ if (newdata->usage_count != UNDELETABLE) newdata->usage_count = UNDELETABLE; |