diff options
| author | Florian Weimer <fweimer@redhat.com> | 2014-05-12 15:24:12 +0200 |
|---|---|---|
| committer | Florian Weimer <fweimer@redhat.com> | 2014-07-10 16:29:55 +0200 |
| commit | 4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3 (patch) | |
| tree | 9d423c33dd357da456df66249c30e086f25fb0dd /ChangeLog | |
| parent | d183645616b0533b3acee28f1a95570bffbdf50f (diff) | |
| download | glibc-4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3.tar.gz glibc-4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3.tar.xz glibc-4e8f95a0df7c2300b830ec12c0ae1e161bc8a8a3.zip | |
_nl_find_locale: Improve handling of crafted locale names [BZ #17137]
Prevent directory traversal in locale-related environment variables (CVE-2014-0475).
Diffstat (limited to 'ChangeLog')
| -rw-r--r-- | ChangeLog | 9 |
1 files changed, 9 insertions, 0 deletions
diff --git a/ChangeLog b/ChangeLog index 5767e5c735..5ab0234b6e 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,5 +1,14 @@ 2014-07-02 Florian Weimer <fweimer@redhat.com> + [BZ #17137] + * locale/findlocale.c (name_present, valid_locale_name): New + functions. + (_nl_find_locale): Use the loc_name variable to store name + candidates. Call name_present and valid_locale_name to check and + validate locale names. Return an error if the locale is invalid. + +2014-07-02 Florian Weimer <fweimer@redhat.com> + * locale/setlocale.c (setlocale): Use strdup for allocating composite name copy. |