about summary refs log tree commit diff
path: root/locale
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>1998-05-19 16:13:05 +0000
committerUlrich Drepper <drepper@redhat.com>1998-05-19 16:13:05 +0000
commit3081378bb23b20ff12e30204ef324183d38d3482 (patch)
treee74244f6b6e90f5d2649526aa58d312f2a3d2099 /locale
parented277b4ec4e4bde37970e7ddc109706b48fedb56 (diff)
downloadglibc-3081378bb23b20ff12e30204ef324183d38d3482.tar.gz
glibc-3081378bb23b20ff12e30204ef324183d38d3482.tar.xz
glibc-3081378bb23b20ff12e30204ef324183d38d3482.zip
Update.
1998-05-19 15:58  Ulrich Drepper  <drepper@cygnus.com>

	* elf/rtld.c (process_envvars): Fix typo.  Don't handle
	LD_PROFILE_OUTPUT in SUID binaries.
	* intl/dcgettext.c: In SUID binaries don't let language part of
	locale value contain path elements.
	* intl/explodename.h: Define new function _nl_find_language.
	* intl/loadinfo.h: Declare _nl_find_language.
	* locale/findlocale.c (_nl_find_locale): Use _nl_find_locale to get
	language part it drop the value is path element is contained.

	* locale/setlocale.c: Fix typo.

1998-05-18  Philip Blundell  <Philip.Blundell@pobox.com>

	* sysdeps/unix/sysv/linux/arm/socket.S: Correct handling of arguments.

	* sysdeps/arm/strlen.S: Support both big and little endian processors.

	* sysdeps/arm/sysdep.h (ALIGNARG): ELF .align directive uses a
	log, not a byte-count.

	* sysdeps/unix/arm/sysdep.S (syscall_error): Use C_SYMBOL_NAME for
	a.out compatibility.

1998-05-19  Andreas Jaeger  <aj@arthur.rhein-neckar.de>

	* sysdeps/unix/bsd/vax/vfork.S: Fix the "the the" problems.
	* sysdeps/unix/bsd/sun/m68k/vfork.S: Likewise.
	* sysdeps/unix/bsd/hp/m68k/vfork.S: Likewise.
	* posix/unistd.h: Likewise.
	* math/math.h: Likewise.
	* manual/users.texi (Manipulating the Database): Likewise.
	* manual/signal.texi (Job Control Signals): Likewise.
	* manual/message.texi (The gencat program): Likewise.
	* manual/filesys.texi (Hard Links): Likewise.
	* manual/math.texi (SVID Random): Likewise.
	* manual/llio.texi (Waiting for I/O): Likewise.
	* manual/io.texi (File Name Errors): Likewise.
	* manual/conf.texi (String Parameters): Likewise.
	* manual/arith.texi (Infinity): Likewise.
	* malloc/malloc.c: Likewise.
	* hurd/hurdsig.c (_hurd_internal_post_signal): Likewise.
	* csu/Makefile: Likewise.
Diffstat (limited to 'locale')
-rw-r--r--locale/findlocale.c9
-rw-r--r--locale/setlocale.c4
2 files changed, 9 insertions, 4 deletions
diff --git a/locale/findlocale.c b/locale/findlocale.c
index b651dbaaad..e2fdd06f6d 100644
--- a/locale/findlocale.c
+++ b/locale/findlocale.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996, 1997 Free Software Foundation, Inc.
+/* Copyright (C) 1996, 1997, 1998 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1996.
 
@@ -20,6 +20,7 @@
 #include <locale.h>
 #include <stdlib.h>
 #include <string.h>
+#include <unistd.h>
 #include <sys/mman.h>
 
 #include "localeinfo.h"
@@ -51,7 +52,11 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len,
   const char *revision;
   struct loaded_l10nfile *locale_file;
 
-  if ((*name)[0] == '\0')
+  if ((*name)[0] == '\0'
+      /* In SUID binaries we must not allow people to access files
+	 outside the dedicated locale directories.  */
+      || (__libc_enable_secure
+	  && memchr (*name, '/', _nl_find_language (*name) - *name) != NULL))
     {
       /* The user decides which locale to use by setting environment
 	 variables.  */
diff --git a/locale/setlocale.c b/locale/setlocale.c
index 33599c64db..4b6a300481 100644
--- a/locale/setlocale.c
+++ b/locale/setlocale.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1991, 1992, 1995, 1996, 1997 Free Software Foundation, Inc.
+/* Copyright (C) 1991, 92, 95, 96, 97, 98 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
 
    The GNU C Library is free software; you can redistribute it and/or
@@ -360,7 +360,7 @@ setlocale (int category, const char *locale)
 	  /* We must not simply free a global locale since we have no
 	     control over the usage.  So we mark it as un-deletable.
 
-	     Note: do ont remove the `if', it's necessary to copy with
+	     Note: do not remove the `if', it's necessary to copy with
 	     the builtin locale data.  */
 	  if (newdata->usage_count != UNDELETABLE)
 	    newdata->usage_count = UNDELETABLE;