diff options
author | Ulrich Drepper <drepper@redhat.com> | 1998-05-19 16:13:05 +0000 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 1998-05-19 16:13:05 +0000 |
commit | 3081378bb23b20ff12e30204ef324183d38d3482 (patch) | |
tree | e74244f6b6e90f5d2649526aa58d312f2a3d2099 /locale/findlocale.c | |
parent | ed277b4ec4e4bde37970e7ddc109706b48fedb56 (diff) | |
download | glibc-3081378bb23b20ff12e30204ef324183d38d3482.zip glibc-3081378bb23b20ff12e30204ef324183d38d3482.tar.gz glibc-3081378bb23b20ff12e30204ef324183d38d3482.tar.bz2 |
Update.
1998-05-19 15:58 Ulrich Drepper <drepper@cygnus.com>
* elf/rtld.c (process_envvars): Fix typo. Don't handle
LD_PROFILE_OUTPUT in SUID binaries.
* intl/dcgettext.c: In SUID binaries don't let language part of
locale value contain path elements.
* intl/explodename.h: Define new function _nl_find_language.
* intl/loadinfo.h: Declare _nl_find_language.
* locale/findlocale.c (_nl_find_locale): Use _nl_find_locale to get
language part it drop the value is path element is contained.
* locale/setlocale.c: Fix typo.
1998-05-18 Philip Blundell <Philip.Blundell@pobox.com>
* sysdeps/unix/sysv/linux/arm/socket.S: Correct handling of arguments.
* sysdeps/arm/strlen.S: Support both big and little endian processors.
* sysdeps/arm/sysdep.h (ALIGNARG): ELF .align directive uses a
log, not a byte-count.
* sysdeps/unix/arm/sysdep.S (syscall_error): Use C_SYMBOL_NAME for
a.out compatibility.
1998-05-19 Andreas Jaeger <aj@arthur.rhein-neckar.de>
* sysdeps/unix/bsd/vax/vfork.S: Fix the "the the" problems.
* sysdeps/unix/bsd/sun/m68k/vfork.S: Likewise.
* sysdeps/unix/bsd/hp/m68k/vfork.S: Likewise.
* posix/unistd.h: Likewise.
* math/math.h: Likewise.
* manual/users.texi (Manipulating the Database): Likewise.
* manual/signal.texi (Job Control Signals): Likewise.
* manual/message.texi (The gencat program): Likewise.
* manual/filesys.texi (Hard Links): Likewise.
* manual/math.texi (SVID Random): Likewise.
* manual/llio.texi (Waiting for I/O): Likewise.
* manual/io.texi (File Name Errors): Likewise.
* manual/conf.texi (String Parameters): Likewise.
* manual/arith.texi (Infinity): Likewise.
* malloc/malloc.c: Likewise.
* hurd/hurdsig.c (_hurd_internal_post_signal): Likewise.
* csu/Makefile: Likewise.
Diffstat (limited to 'locale/findlocale.c')
-rw-r--r-- | locale/findlocale.c | 9 |
1 files changed, 7 insertions, 2 deletions
diff --git a/locale/findlocale.c b/locale/findlocale.c index b651dba..e2fdd06 100644 --- a/locale/findlocale.c +++ b/locale/findlocale.c @@ -1,4 +1,4 @@ -/* Copyright (C) 1996, 1997 Free Software Foundation, Inc. +/* Copyright (C) 1996, 1997, 1998 Free Software Foundation, Inc. This file is part of the GNU C Library. Contributed by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1996. @@ -20,6 +20,7 @@ #include <locale.h> #include <stdlib.h> #include <string.h> +#include <unistd.h> #include <sys/mman.h> #include "localeinfo.h" @@ -51,7 +52,11 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len, const char *revision; struct loaded_l10nfile *locale_file; - if ((*name)[0] == '\0') + if ((*name)[0] == '\0' + /* In SUID binaries we must not allow people to access files + outside the dedicated locale directories. */ + || (__libc_enable_secure + && memchr (*name, '/', _nl_find_language (*name) - *name) != NULL)) { /* The user decides which locale to use by setting environment variables. */ |