Source-Changes-HG archive


[src/netbsd-1-4]: src/lib/libc/nls Pull up revisions 1.17-1.18 (requested by ...



details:   https://anonhg.NetBSD.org/src/rev/e959f4279cee
branches:  netbsd-1-4
changeset: 470929:e959f4279cee
user:      he <he%NetBSD.org@localhost>
date:      Wed Oct 04 14:07:22 2000 +0000

description:
Pull up revisions 1.17-1.18 (requested by sommerfeld):
  Ignore NLSPATH, PATH_LOCALE if issetugid().
  Disallow `/' in LC_* and LANG environment variables.
  Close one-byte buffer-overrun in catopen().

diffstat:

 lib/libc/nls/catopen.c |  13 ++++---------
 1 files changed, 4 insertions(+), 9 deletions(-)

diffs (35 lines):

diff -r 1825aa3a8874 -r e959f4279cee lib/libc/nls/catopen.c
--- a/lib/libc/nls/catopen.c    Wed Oct 04 14:04:46 2000 +0000
+++ b/lib/libc/nls/catopen.c    Wed Oct 04 14:07:22 2000 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: catopen.c,v 1.14 1998/11/15 17:42:36 christos Exp $    */
+/*     $NetBSD: catopen.c,v 1.14.2.1 2000/10/04 14:07:22 he Exp $      */
 
 /*-
  * Copyright (c) 1996 The NetBSD Foundation, Inc.
@@ -61,7 +61,7 @@
        const char *name;
        int oflag;
 {
-       char tmppath[PATH_MAX];
+       char tmppath[PATH_MAX+1];
        char *nlspath;
        char *lang;
        char *s, *t;
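
Review bot: `char tmppath[PATH_MAX+1];` closes the overrun by growing the buffer by one byte, but the code that writes into tmppath is outside this hunk, so the bound it enforces cannot be checked against the new size from here. It would be more robust to have the copy loop test against `sizeof(tmppath) - 1`, so the declaration and the bound cannot drift apart. If the extra byte is there for the terminating NUL, a short comment on the declaration saying so would keep someone from "tidying" it back to PATH_MAX.
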
@@ -75,14 +75,9 @@
        if (strchr(name, '/'))
                return load_msgcat(name);
 
-       /*
-        * XXX potential security problem here if this is used in a
-        * set-id program, and NLSPATH or LANG are set to read files
-        * the user normally does not have access to.
-        */
-       if ((nlspath = getenv("NLSPATH")) == NULL)
+       if (issetugid() || (nlspath = getenv("NLSPATH")) == NULL)
                nlspath = NLS_DEFAULT_PATH;
-       if ((lang = getenv("LANG")) == NULL)
+       if ((lang = getenv("LANG")) == NULL || strchr(lang, '/'))
                lang = NLS_DEFAULT_LANG;
 
        s = nlspath;
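
Review bot: The removed XXX comment is replaced by two security checks that carry no explanation, so at `issetugid() || (nlspath = getenv("NLSPATH")) == NULL` and at the `strchr(lang, '/')` test a later reader has no hint why they exist. Please add a one-line comment above each, saying that NLSPATH is ignored in set-id processes and that LANG must not contain a path separator. Note also that LANG is still read from the environment when issetugid() is true and is filtered only for '/'; if that asymmetry with NLSPATH is intended, the comment should say so. The description lists PATH_LOCALE and LC_* as well, but the diffstat shows only catopen.c changed and neither name appears in these hunks.
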


