This is the mail archive of the mailing list for the glibc project.


Re: intl: Proof against invalid offset/length

On 11 Mar 2015 02:39, Carlos O'Donell wrote:
> On 03/11/2015 02:01 AM, Daiki Ueno wrote:
> > It is surprising that there are no checks of lengths/offsets read from
> > MO files.  Currently, I'm thinking of the attached patch (to gettext),
> > which is a bit complicated.  If anyone could suggest a cleaner approach,
> > I'd appreciate it.
> Why does it surprise you?
> The MO files are writable only by root, so it's not a security issue
> because if you could write to them you'd be root, and you'd have
> full access to the system anyway.
> The other alternative is that the filesystem is corrupted and loading
> the MO file crashes your application. This is expected since the
> filesystem is corrupted. You are suggesting we add some rather complex
> checking for the possibly low probability case of a corrupted
> filesystem. If the filesystem is corrupted other things will be failing
> and you need to fix the corruption.
> What strong technical reasons do you have for proposing these additional
> checks?

i thought you could control things via $TEXTDOMAIN/$TEXTDOMAINDIR, but it looks 
like just `bash` and `gettext` respect those ?  so if you have a shell script 
that either directly supports translated messages (e.g. bash's $"..."), or 
indirectly (e.g. manually calling `gettext`), and it doesn't lock down the 
TEXTDOMAINDIR envvar properly, you could get them to load untrusted data and 
crash due to the omitted range checks in glibc ?

i'm not really familiar with how much gettext relies on glibc though or if it 
just entirely uses its own copy of code.

using Debian's code search [1], it looks like git provides GIT_TEXTDOMAINDIR to 
override the default TEXTDOMAINDIR.  i stopped at page ~6 ;).


Attachment: signature.asc
Description: Digital signature
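
The kind of offset/length range check this thread is about, as an added example; it is not the gettext patch mentioned above and not glibc code. The names `mo_validate`, `check_table`, `rd32` and `mo_sample` are hypothetical, the sample image is constructed, and the hash table and revision field are left unchecked.

```c
#include <stdint.h>
#include <string.h>

#define MO_MAGIC 0x950412deu

/* Read a 32-bit word at off (caller guarantees off + 4 <= len); memcpy avoids unaligned loads. */
static uint32_t rd32(const unsigned char *p, size_t off, int swap)
{
    uint32_t v;
    memcpy(&v, p + off, 4);
    return swap ? (v >> 24) | ((v >> 8) & 0xff00u) | ((v << 8) & 0xff0000u) | (v << 24) : v;
}

/* Validate one table of n (length, offset) descriptors starting at byte tab. */
static int check_table(const unsigned char *p, size_t len, uint32_t tab, uint32_t n, int swap)
{
    /* The table itself (n * 8 bytes) must fit; dividing avoids overflow in n * 8. */
    if (tab > len || n > (len - tab) / 8)
        return -1;
    for (uint32_t i = 0; i < n; i++) {
        size_t slen = rd32(p, (size_t)tab + 8 * (size_t)i, swap);
        size_t soff = rd32(p, (size_t)tab + 8 * (size_t)i + 4, swap);
        /* The string and its terminating NUL must lie inside the file. */
        if (soff >= len || slen >= len - soff || p[soff + slen] != '\0')
            return -1;
    }
    return 0;
}

/* Returns 0 if both string tables stay in bounds, -1 otherwise. */
int mo_validate(const unsigned char *p, size_t len)
{
    if (len < 28)                              /* 7-word MO header */
        return -1;
    uint32_t magic = rd32(p, 0, 0);
    int swap = (magic == 0xde120495u);         /* file written in the other byte order */
    if (magic != MO_MAGIC && !swap)
        return -1;
    uint32_t n = rd32(p, 8, swap);             /* number of strings */
    if (check_table(p, len, rd32(p, 12, swap), n, swap) != 0)  /* original strings */
        return -1;
    return check_table(p, len, rd32(p, 16, swap), n, swap);    /* translations */
}

/* Constructed sample: one message "a" -> "b", native byte order, 48 bytes. */
size_t mo_sample(unsigned char out[48])
{
    const uint32_t w[11] = { MO_MAGIC, 0, 1, 28, 36, 0, 44, 1, 44, 1, 46 };
    memcpy(out, w, 44);
    memcpy(out + 44, "a\0b", 4);
    return 48;
}
```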
