bug-bash

Re: bash buffer overflow in handling locale environment variables


From: Chet Ramey
Subject: Re: bash buffer overflow in handling locale environment variables
Date: Thu, 30 Apr 2015 18:48:11 -0400
User-agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.10; rv:31.0) Gecko/20100101 Thunderbird/31.6.0

On 4/30/15 4:59 PM, Chet Ramey wrote:

>> Fix:
>> Use strncpy() in place of strcpy() in lib/sh/unicode.c:
>>
>> --- /tmp/bash-4.3.30/lib/sh/unicode.c   2014-01-30 21:47:19.000000000 +0000
>> +++ ./bash-4.3.30/lib/sh/unicode.c       2015-04-30 18:03:42.300340729 +0000
>> @@ -78,7 +78,8 @@
>>    s = strrchr (locale, '.');
>>    if (s)
>>      {
>> -      strcpy (charsetbuf, s+1);
>> +      strncpy (charsetbuf, s+1, sizeof(charsetbuf)-1);
>> +      charsetbuf[sizeof(charsetbuf)-1] = '\0';
>>        t = strchr (charsetbuf, '@');
>>        if (t)
>>         *t = 0;
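Review bot: the strncpy() call that replaces strcpy() silently truncates a codeset suffix longer than sizeof(charsetbuf)-1, so the strchr (charsetbuf, '@') that follows then operates on a clipped name rather than the one the locale variable supplied. Consider comparing strlen (s+1) against the buffer size first and treating an overlong value as an unrecognized charset instead of carrying on with a prefix of it. The bound also depends on charsetbuf being an array in scope rather than a pointer, which these lines do not show, so confirm that against the declaration.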
> 
> Thanks for the report; this is a good fix.

Such a good fix, in fact, that I made the same change in the bash devel
branch last August.

Chet

-- 
``The lyf so short, the craft so long to lerne.'' - Chaucer
                 ``Ars longa, vita brevis'' - Hippocrates
Chet Ramey, ITS, CWRU    chet@case.edu    http://cnswww.cns.cwru.edu/~chet/


