Re: bash buffer overflow in handling locale environment variables

Chet Ramey Thu, 30 Apr 2015 15:49:07 -0700

On 4/30/15 4:59 PM, Chet Ramey wrote:

>> Fix:
>> Use strncpy() in place of strcpy() in lib/sh/unicode.c:
>>
>> --- /tmp/bash-4.3.30/lib/sh/unicode.c   2014-01-30 21:47:19.000000000 +0000
>> +++ ./bash-4.3.30/lib/sh/unicode.c       2015-04-30 18:03:42.300340729 +0000
>> @@ -78,7 +78,8 @@
>>    s = strrchr (locale, '.');
>>    if (s)
>>      {
>> -      strcpy (charsetbuf, s+1);
>> +      strncpy (charsetbuf, s+1, sizeof(charsetbuf)-1);
>> +      charsetbuf[sizeof(charsetbuf)-1] = '\0';
>>        t = strchr (charsetbuf, '@');
>>        if (t)
>>         *t = 0;
> 
> Thanks for the report; this is a good fix.


Such a good fix, in fact, that I made the same change in the bash devel
branch last August.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    c...@case.edu    http://cnswww.cns.cwru.edu/~chet/

Re: bash buffer overflow in handling locale environment variables

Reply via email to