This is the mail archive of the
libc-alpha@sourceware.org
mailing list for the glibc project.
Re: [bug-gettext] intl: Proof against invalid offset/length
- From: Florian Weimer <fweimer at redhat dot com>
- To: Bruno Haible <bruno at clisp dot org>, bug-gettext at gnu dot org
- Cc: "Carlos O'Donell" <carlos at redhat dot com>, Daiki Ueno <ueno at gnu dot org>, Jakub Wilk <jwilk at debian dot org>, libc-alpha at sourceware dot org
- Date: Fri, 13 Mar 2015 15:29:11 +0100
- Subject: Re: [bug-gettext] intl: Proof against invalid offset/length
- Authentication-results: sourceware.org; auth=none
- References: <m3oao06pj3 dot fsf-ueno at gnu dot org> <54FFE323 dot 4000704 at redhat dot com> <5962708 dot Sqr89sjBty at linuix dot haible dot de>
On 03/12/2015 02:04 AM, Bruno Haible wrote:
> But these arguments don't consider the LANGUAGE variable. The original
> intent of LANGUAGE was that it contains colon-separated language or locale
> identifiers. But in fact, you can specify relative files names that start
> with "../", and thus you can make the _nl_load_domain function in glibc
> access files anywhere in the file system.
Yes, this is bug 17142.
--
Florian Weimer / Red Hat Product Security