This is the mail archive of the glibc-bugs@sourceware.org mailing list for the glibc project.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]
Other format: [Raw text]

[Bug localedata/17142] New: LANGUAGE environment variable processing and directory traversal


https://sourceware.org/bugzilla/show_bug.cgi?id=17142

            Bug ID: 17142
           Summary: LANGUAGE environment variable processing and directory
                    traversal
           Product: glibc
           Version: unspecified
            Status: NEW
          Severity: normal
          Priority: P2
         Component: localedata
          Assignee: unassigned at sourceware dot org
          Reporter: fweimer at redhat dot com
                CC: libc-locales at sourceware dot org
             Flags: security+

Bug 17137 did not address processing of the LANGUAGE environment variable in
intl/dcigettext.c.  ".." path components should be restricted and the usual
alloca hardening applied.

I'm not sure what is the best approach here.  intl/ is shared with gettext, so
we probably cannot reuse existing code in locale/ for locating the message
catalogs.

We did not handle this as part of CVE-2014-0475 because the vectors known at
the time did not apply to gettext, and the shared code base complicated
matters.

-- 
You are receiving this mail because:
You are on the CC list for the bug.


Index Nav: [Date Index] [Subject Index] [Author Index] [Thread Index]
Message Nav: [Date Prev] [Date Next] [Thread Prev] [Thread Next]