yann@1: 2000-08-27 Ulrich Drepper yann@1: yann@1: * intl/dcgettext.c (DCGETTEXT): Remove _nl_find_language in code yann@1: to determine invalid locale name. yann@1: * locale/findlocale.c (_nl_find_locale): Likewise. yann@1: yann@1: 2000-08-21 Ulrich Drepper yann@1: yann@1: * catgets/catgets.c (catopen): Filter out env_var values with / if yann@1: necessary. yann@1: yann@1: * locale/findlocale.c (_nl_find_locale): Move test for unusable yann@1: locale name after all getenvs. yann@1: yann@1: --- glibc-2.1.3/catgets/catgets.c 2000/01/29 11:56:33 1.15 yann@1: +++ glibc-2.1.3/catgets/catgets.c 2000/08/21 20:55:30 1.16 yann@1: @@ -50,7 +50,8 @@ yann@1: /* Use the LANG environment variable. */ yann@1: env_var = getenv ("LANG"); yann@1: yann@1: - if (env_var == NULL) yann@1: + if (env_var == NULL || *env_var == '\0' yann@1: + || (__libc_enable_secure && strchr (env_var, '/') != NULL)) yann@1: env_var = "C"; yann@1: yann@1: env_var_len = strlen (env_var) + 1; yann@1: --- glibc-2.1.3/locale/findlocale.c 1999/11/08 23:45:13 1.10.2.1 yann@1: +++ glibc-2.1.3/locale/findlocale.c 2000/08/21 21:02:42 1.10.2.2 yann@1: @@ -1,4 +1,4 @@ yann@1: -/* Copyright (C) 1996, 1997, 1998, 1999 Free Software Foundation, Inc. yann@1: +/* Copyright (C) 1996, 1997, 1998, 1999, 2000 Free Software Foundation, Inc. yann@1: This file is part of the GNU C Library. yann@1: Contributed by Ulrich Drepper , 1996. yann@1: yann@1: @@ -54,11 +54,7 @@ yann@1: const char *revision; yann@1: struct loaded_l10nfile *locale_file; yann@1: yann@1: - if ((*name)[0] == '\0' yann@1: - /* In SUID binaries we must not allow people to access files yann@1: - outside the dedicated locale directories. */ yann@1: - || (__libc_enable_secure yann@1: - && memchr (*name, '/', _nl_find_language (*name) - *name) != NULL)) yann@1: + if ((*name)[0] == '\0') yann@1: { yann@1: /* The user decides which locale to use by setting environment yann@1: variables. */ yann@1: @@ -67,9 +63,12 @@ yann@1: *name = getenv (_nl_category_names[category]); yann@1: if (*name == NULL || (*name)[0] == '\0') yann@1: *name = getenv ("LANG"); yann@1: - if (*name == NULL || (*name)[0] == '\0') yann@1: - *name = (char *) _nl_C_name; yann@1: } yann@1: + yann@1: + if (*name == NULL || (*name)[0] == '\0' yann@1: + || (__builtin_expect (__libc_enable_secure, 0) yann@1: + && strchr (*name, '/') != NULL)) yann@1: + *name = (char *) _nl_C_name; yann@1: yann@1: if (strcmp (*name, _nl_C_name) == 0 || strcmp (*name, _nl_POSIX_name) == 0) yann@1: { yann@1: --- glibc-2.1.3/intl/dcgettext.c Sun Aug 27 23:15:33 2000 yann@1: +++ glibc-2.1.3/intl/dcgettext.c Sun Aug 27 23:16:34 2000 yann@1: @@ -371,10 +371,7 @@ yann@1: yann@1: /* When this is a SUID binary we must not allow accessing files yann@1: outside the dedicated directories. */ yann@1: - if (ENABLE_SECURE yann@1: - && (memchr (single_locale, '/', yann@1: - _nl_find_language (single_locale) - single_locale) yann@1: - != NULL)) yann@1: + if (ENABLE_SECURE && strchr (single_locale, '/') != NULL) yann@1: /* Ingore this entry. */ yann@1: continue; yann@1: }