git: strcoll(1): Fix named locale case where conversion fails
John Marino
marino at crater.dragonflybsd.org
Sun Aug 2 04:28:53 PDT 2015
commit bea37db929b4bc021536360b9878c6bde0650f09
Author: John Marino <draco at marino.st>
Date: Sun Aug 2 13:19:16 2015 +0200

strcoll(1): Fix named locale case where conversion fails

When strcoll is used with a locale other than C/POSIX, it uses the
mbsrtowcs_l(1) function which can alter the src pointer upon failure.
If that happens in the current implementation of strcoll, a null pointer
is sent to strcmp (resulting in wrong answer) and it will change the s
or s2 argument of strcoll(1), which is not behavior expected by the POSIX
standard.

Using a copy of the s and s2 arguments prevents this situation. Note that
Illumos, from which the source came, still has this vulnerability.

Reported by: Romick (YRabbit) on IRC

Summary of changes:
lib/libc/string/strcoll.c | 15 +++++++++++++--
1 file changed, 13 insertions(+), 2 deletions(-)
http://gitweb.dragonflybsd.org/dragonfly.git/commitdiff/bea37db929b4bc021536360b9878c6bde0650f09
--
DragonFly BSD source repository
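
The pointer behaviour the commit message describes, as an added sketch that is not the DragonFly or Illumos code: it uses standard `mbsrtowcs` instead of `mbsrtowcs_l`, and the function names `src_after_convert` and `collate_with_copies` are hypothetical. The first function shows that converting through the caller's own pointer rewrites it; the second converts through copies so the byte-wise fallback always sees the original arguments.

```c
#include <locale.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <wchar.h>

/* Pattern the commit message warns about: converting through the caller's
 * own pointer. Returns the value that pointer holds afterwards. */
const char *src_after_convert(const char *s)
{
    size_t n = strlen(s) + 1;         /* wide count never exceeds byte count */
    wchar_t *w = malloc(n * sizeof(*w));
    mbstate_t st;

    if (w == NULL)
        return s;
    memset(&st, 0, sizeof(st));
    (void)mbsrtowcs(w, &s, n, &st);   /* rewrites s: NULL once the NUL is reached */
    free(w);
    return s;
}

/* Hardened pattern (hypothetical helper): convert through copies so the
 * fallback comparison always receives the caller's original pointers. */
int collate_with_copies(const char *s1, const char *s2)
{
    const char *p1 = s1, *p2 = s2;
    size_t n1 = strlen(s1) + 1, n2 = strlen(s2) + 1;
    wchar_t *w1 = malloc(n1 * sizeof(*w1));
    wchar_t *w2 = malloc(n2 * sizeof(*w2));
    mbstate_t st1, st2;
    int r;

    memset(&st1, 0, sizeof(st1));
    memset(&st2, 0, sizeof(st2));
    if (w1 == NULL || w2 == NULL ||
        mbsrtowcs(w1, &p1, n1, &st1) == (size_t)-1 ||
        mbsrtowcs(w2, &p2, n2, &st2) == (size_t)-1)
        r = strcmp(s1, s2);           /* originals, never p1/p2 */
    else
        r = wcscoll(w1, w2);
    free(w1);
    free(w2);
    return r;
}

int main(void)
{
    setlocale(LC_ALL, "");            /* assumption: environment names a locale */
    printf("caller pointer after conversion: %p\n", (void *)src_after_convert("abc"));
    printf("valid vs invalid input: %d\n", collate_with_copies("abc", "ab\xff"));
    return 0;
}
```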