[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: bash buffer overflow in handling locale environment variables
From: |
Chet Ramey |
Subject: |
Re: bash buffer overflow in handling locale environment variables |
Date: |
Thu, 30 Apr 2015 18:48:11 -0400 |
User-agent: |
Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0 |
On 4/30/15 4:59 PM, Chet Ramey wrote:
>> Fix:
>> Use strncpy() in place of strcpy() in lib/sh/unicode.c:
>>
>> --- /tmp/bash-4.3.30/lib/sh/unicode.c 2014-01-30 21:47:19.000000000 +0000
>> +++ ./bash-4.3.30/lib/sh/unicode.c 2015-04-30 18:03:42.300340729 +0000
>> @@ -78,7 +78,8 @@
>> s = strrchr (locale, '.');
>> if (s)
>> {
>> - strcpy (charsetbuf, s+1);
>> + strncpy (charsetbuf, s+1, sizeof(charsetbuf)-1);
>> + charsetbuf[sizeof(charsetbuf)-1] = '\0';
>> t = strchr (charsetbuf, '@');
>> if (t)
>> *t = 0;
>
> Thanks for the report; this is a good fix.
Such a good fix, in fact, that I made the same change in the bash devel
branch last August.
Chet
--
``The lyf so short, the craft so long to lerne.'' - Chaucer
``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU chet@case.edu http://cnswww.cns.cwru.edu/~chet/