Update.

1998-05-19 15:58  Ulrich Drepper  <drepper@cygnus.com>

	* elf/rtld.c (process_envvars): Fix typo.  Don't handle
	LD_PROFILE_OUTPUT in SUID binaries.
	* intl/dcgettext.c: In SUID binaries don't let language part of
	locale value contain path elements.
	* intl/explodename.h: Define new function _nl_find_language.
	* intl/loadinfo.h: Declare _nl_find_language.
	* locale/findlocale.c (_nl_find_locale): Use _nl_find_locale to get
	language part it drop the value is path element is contained.

	* locale/setlocale.c: Fix typo.

1998-05-18  Philip Blundell  <Philip.Blundell@pobox.com>

	* sysdeps/unix/sysv/linux/arm/socket.S: Correct handling of arguments.

	* sysdeps/arm/strlen.S: Support both big and little endian processors.

	* sysdeps/arm/sysdep.h (ALIGNARG): ELF .align directive uses a
	log, not a byte-count.

	* sysdeps/unix/arm/sysdep.S (syscall_error): Use C_SYMBOL_NAME for
	a.out compatibility.

1998-05-19  Andreas Jaeger  <aj@arthur.rhein-neckar.de>

	* sysdeps/unix/bsd/vax/vfork.S: Fix the "the the" problems.
	* sysdeps/unix/bsd/sun/m68k/vfork.S: Likewise.
	* sysdeps/unix/bsd/hp/m68k/vfork.S: Likewise.
	* posix/unistd.h: Likewise.
	* math/math.h: Likewise.
	* manual/users.texi (Manipulating the Database): Likewise.
	* manual/signal.texi (Job Control Signals): Likewise.
	* manual/message.texi (The gencat program): Likewise.
	* manual/filesys.texi (Hard Links): Likewise.
	* manual/math.texi (SVID Random): Likewise.
	* manual/llio.texi (Waiting for I/O): Likewise.
	* manual/io.texi (File Name Errors): Likewise.
	* manual/conf.texi (String Parameters): Likewise.
	* manual/arith.texi (Infinity): Likewise.
	* malloc/malloc.c: Likewise.
	* hurd/hurdsig.c (_hurd_internal_post_signal): Likewise.
	* csu/Makefile: Likewise.

3 files changed, 46 insertions, 5 deletions

diff --git a/intl/dcgettext.c b/intl/dcgettext.c
index a79c1f52e2..777dd31d04 100644
--- a/intl/dcgettext.c
+++ b/intl/dcgettext.c
@@ -221,6 +221,24 @@ struct block_list
 # define DCGETTEXT dcgettext__
 #endif
 
+/* Checking whether the binaries runs SUID must be done and glibc provides
+   easier methods therefore we make a difference here.  */
+#ifdef _LIBC
+# define ENABLE_SECURE __libc_enable_secure
+# define DETERMINE_SECURE
+#else
+static int enable_secure;
+# define ENABLE_SECURE (enable_secure == 1)
+# define DETERMINE_SECURE \
+  if (enable_secure == 0)						      \
+    {									      \
+      if (getuid () != geteuid () || getgid () != getegid ())		      \
+	enable_secure = 1;						      \
+      else								      \
+	enable_secure = -1;						      \
+    }
+#endif
+
 /* Look up MSGID in the DOMAINNAME message catalog for the current CATEGORY
    locale.  */
 char *
@@ -245,9 +263,12 @@ DCGETTEXT (domainname, msgid, category)
   if (msgid == NULL)
     return NULL;
 
+  /* See whether this is a SUID binary or not.  */
+  DETERMINE_SECURE;
+
   /* If DOMAINNAME is NULL, we are interested in the default domain.  If
      CATEGORY is not LC_MESSAGES this might not make much sense but the
-     defintion left this undefined.  */
+     definition left this undefined.  */
   if (domainname == NULL)
     domainname = _nl_current_default_domain;
 
@@ -322,7 +343,7 @@ DCGETTEXT (domainname, msgid, category)
 
 
   /* Search for the given string.  This is a loop because we perhaps
-     got an ordered list of languages to consider for th translation.  */
+     got an ordered list of languages to consider for the translation.  */
   while (1)
     {
       /* Make CATEGORYVALUE point to the next element of the list.  */
@@ -343,6 +364,15 @@ DCGETTEXT (domainname, msgid, category)
 	  while (categoryvalue[0] != '\0' && categoryvalue[0] != ':')
 	    *cp++ = *categoryvalue++;
 	  *cp = '\0';
+
+	  /* When this is a SUID binary we must not allow accessing files
+	     outside the dedicated directories.  */
+	  if (ENABLE_SECURE
+	      && (memchr (single_locale, '/',
+			  _nl_find_language (single_locale) - single_locale)
+		  != NULL))
+	    /* Ingore this entry.  */
+	    continue;
 	}
 
       /* If the current locale value is C (or POSIX) we don't load a
diff --git a/intl/explodename.c b/intl/explodename.c
index 8dad496a5e..8fe928f312 100644
--- a/intl/explodename.c
+++ b/intl/explodename.c
@@ -47,6 +47,17 @@
 
 /* @@ end of prolog @@ */
 
+char *
+_nl_find_language (const char *name)
+{
+  while (name[0] != '\0' && name[0] != '_' && name[0] != '@'
+	 && name[0] != '+' && name[0] != ',')
+    ++name;
+
+  return (char *) name;
+}
+
+
 int
 _nl_explode_name (name, language, modifier, territory, codeset,
 		  normalized_codeset, special, sponsor, revision)
@@ -78,9 +89,7 @@ _nl_explode_name (name, language, modifier, territory, codeset,
   mask = 0;
   syntax = undecided;
   *language = cp = name;
-  while (cp[0] != '\0' && cp[0] != '_' && cp[0] != '@'
-	 && cp[0] != '+' && cp[0] != ',')
-    ++cp;
+  cp = _nl_find_language (*language);
 
   if (*language == cp)
     /* This does not make sense: language has to be specified.  Use
diff --git a/intl/loadinfo.h b/intl/loadinfo.h
index 8fabe63903..b82dc90d67 100644
--- a/intl/loadinfo.h
+++ b/intl/loadinfo.h
@@ -75,3 +75,5 @@ extern int _nl_explode_name PARAMS ((char *name, const char **language,
 				     const char **special,
 				     const char **sponsor,
 				     const char **revision));
+
+extern char *_nl_find_language PARAMS ((const char *name));