git: strcoll(1): Fix named locale case where conversion fails

John Marino marino at crater.dragonflybsd.org
Sun Aug 2 04:28:53 PDT 2015


commit bea37db929b4bc021536360b9878c6bde0650f09
Author: John Marino <draco at marino.st>
Date:   Sun Aug 2 13:19:16 2015 +0200

    strcoll(1): Fix named locale case where conversion fails
    
    When strcoll is used with a locale other than C/POSIX, it uses the
    mbsrtowcs_l(1) function which can alter the src pointer upon failure.
    If that happens in the current implementation of strcoll, a null pointer
    is sent to strcmp (resulting in wrong answer) and it will change the s
    or s2 argument of strcoll(1), which is not behavior expected by the POSIX
    standard.
    
    Using a copy of the s and s2 arguments prevents this situation.  Note that
    Illumos, from which the source came, still has this vulnerability.
    
    Reported by: Romick (YRabbit) on IRC

Summary of changes:
 lib/libc/string/strcoll.c | 15 +++++++++++++--
 1 file changed, 13 insertions(+), 2 deletions(-)

http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/bea37db929b4bc021536360b9878c6bde0650f09


-- 
DragonFly BSD source repository
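
The pointer rewrite described in the commit message, and conversion through a copy, as an added example (not the DragonFly commit's code; it uses standard `mbsrtowcs()` rather than `mbsrtowcs_l()`). The names `to_wide`, `coll_safe` and `cursor_nulled_after_success` are hypothetical.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Hypothetical helper: convert s through a private cursor so the caller's
 * pointer is never rewritten. Returns NULL if the conversion fails. */
static wchar_t *to_wide(const char *s)
{
    const char *cur = s;        /* copy: mbsrtowcs() updates this, not s */
    size_t n = strlen(s) + 1;   /* each wide char consumes at least 1 byte */
    wchar_t *w = malloc(n * sizeof(*w));
    mbstate_t st;

    memset(&st, 0, sizeof(st));
    if (w != NULL && mbsrtowcs(w, &cur, n, &st) == (size_t)-1) {
        free(w);
        w = NULL;
    }
    return w;
}

/* Hypothetical comparator: wcscoll() on the converted copies, strcmp() on
 * the untouched originals when either conversion fails. */
int coll_safe(const char *s1, const char *s2)
{
    wchar_t *w1 = to_wide(s1), *w2 = to_wide(s2);
    int r = (w1 && w2) ? wcscoll(w1, w2) : strcmp(s1, s2);
    free(w1);
    free(w2);
    return r;
}

/* The hazard: after a complete conversion into a non-NULL buffer,
 * mbsrtowcs() stores NULL in *src. Returns 1 if that happened. */
int cursor_nulled_after_success(void)
{
    const char *s = "abc";      /* constructed sample input */
    wchar_t buf[8];
    mbstate_t st;
    memset(&st, 0, sizeof(st));
    return mbsrtowcs(buf, &s, 8, &st) != (size_t)-1 && s == NULL;
}

int main(void)
{
    printf("cursor nulled: %d\n", cursor_nulled_after_success());
    return coll_safe("apple", "banana") < 0 ? 0 : 1;
}
```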