[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [bug-gettext] intl: Proof against invalid offset/length
From: |
Carlos O'Donell |
Subject: |
Re: [bug-gettext] intl: Proof against invalid offset/length |
Date: |
Fri, 13 Mar 2015 10:31:37 -0400 |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64; rv:31.0) Gecko/20100101 Thunderbird/31.4.0 |
On 03/13/2015 10:29 AM, Florian Weimer wrote:
> On 03/12/2015 02:04 AM, Bruno Haible wrote:
>
>> But these arguments don't consider the LANGUAGE variable. The original
>> intent of LANGUAGE was that it contains colon-separated language or locale
>> identifiers. But in fact, you can specify relative files names that start
>> with "../", and thus you can make the _nl_load_domain function in glibc
>> access files anywhere in the file system.
>
> Yes, this is bug 17142.
In my opinion we need to restrict LANGUAGE just like we restricted all
other the other variables in CVE-2014-0475.
Cheers,
Carlos.
- [bug-gettext] intl: Proof against invalid offset/length, Daiki Ueno, 2015/03/11
- Re: [bug-gettext] intl: Proof against invalid offset/length, Carlos O'Donell, 2015/03/11
- Re: [bug-gettext] intl: Proof against invalid offset/length, Mike Frysinger, 2015/03/11
- Re: [bug-gettext] intl: Proof against invalid offset/length, Bruno Haible, 2015/03/11
- Re: [bug-gettext] intl: Proof against invalid offset/length, Florian Weimer, 2015/03/13
- Re: [bug-gettext] intl: Proof against invalid offset/length,
Carlos O'Donell <=
- Re: [bug-gettext] intl: Proof against invalid offset/length, Daiki Ueno, 2015/03/19
- Re: [bug-gettext] intl: Proof against invalid offset/length, Florian Weimer, 2015/03/20
- Re: [bug-gettext] intl: Proof against invalid offset/length, Daiki Ueno, 2015/03/20
- Re: [bug-gettext] intl: Proof against invalid offset/length, Florian Weimer, 2015/03/23