Re: Potential vulnerabilities in BASH 4.3
From: Chet Ramey
Subject: Re: Potential vulnerabilities in BASH 4.3
Date: Tue, 12 Aug 2014 15:40:01 -0400
> > bash-4.3.tar\bash-4.3\lib\sh\unicode.c:
> > *line 87: *strcpy (charsetbuf, locale);
>
> Thanks for the report. This is a potential vulnerability if the value of
> the LC_CTYPE variable is longer than 40 characters.
I should have added that this is only a problem on systems that don't have
an implementation of locale_charset in libc/libintl/libiconv and aren't using
the libintl shipped with bash.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/
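
Added example, not part of the original message and not bash's own code: a length-checked replacement for an unbounded strcpy of a locale name into a fixed buffer. The 40-byte buffer size is an assumption taken from the 40-character figure in the message; the helper name and the "ASCII" fallback are hypothetical.

```c
#include <stdio.h>
#include <string.h>

/* Assumption: 40-byte buffer, from the 40-character figure in the message. */
#define CHARSETBUF_LEN 40

/* Hypothetical helper: copy a locale name into dst only if it fits,
   terminator included.  Returns 0 on success, -1 if src is NULL or too
   long; on failure dst holds the fallback "ASCII" (an assumed default),
   so the caller never reads stale or unterminated data. */
static int
copy_locale_checked (char *dst, size_t dstlen, const char *src)
{
  size_t n;

  if (dst == NULL || dstlen < sizeof ("ASCII"))
    return -1;
  n = (src != NULL) ? strlen (src) : dstlen;
  if (n >= dstlen)              /* a 40-char name needs 41 bytes */
    {
      memcpy (dst, "ASCII", sizeof ("ASCII"));
      return -1;
    }
  memcpy (dst, src, n + 1);     /* length already verified */
  return 0;
}

/* Constructed input: a name of `len` 'x' characters.  Returns the
   length of what ended up in the fixed buffer. */
static size_t
demo_len (size_t len)
{
  char input[128], buf[CHARSETBUF_LEN];

  if (len >= sizeof (input))
    len = sizeof (input) - 1;
  memset (input, 'x', len);
  input[len] = '\0';
  copy_locale_checked (buf, sizeof (buf), input);
  return strlen (buf);
}

int
main (void)
{
  printf ("39 chars  -> stored %zu\n", demo_len (39));
  printf ("40 chars  -> stored %zu (fallback)\n", demo_len (40));
  printf ("100 chars -> stored %zu (fallback)\n", demo_len (100));
  return 0;
}
```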