authorRob Landley <rob@landley.net>2014-06-09 05:51:04 -0500
committerRob Landley <rob@landley.net>2014-06-09 05:51:04 -0500
commit89a62bf2907412cb562d22c875736357e314c8c8 (patch)
tree0dbb98c25b73f9320c090c7aeceb98ea2fe23fa6
parentc421b7068c5dd95baa10f9bd97e578d04ba48c70 (diff)
downloadtoybox-89a62bf2907412cb562d22c875736357e314c8c8.tar.gz
When locale is enabled, sprintf("%.123s", str) is counting characters, not bytes, so we can't globally enable locale without opening stack/heap smashing vulnerabilities. Make commands individually request setlocale() using TOYFLAGS instead.
-rw-r--r--toys.h4
-rw-r--r--toys/posix/expand.c2
-rw-r--r--toys/posix/wc.c2
3 files changed, 6 insertions, 2 deletions
diff --git a/toys.h b/toys.h
index 6666cfbf..9fd338ab 100644
--- a/toys.h
+++ b/toys.h
@@ -105,6 +105,10 @@ void toy_exec(char *argv[]);
#define TOYFLAG_NEEDROOT (1<<7)
#define TOYFLAG_ROOTONLY (TOYFLAG_STAYROOT|TOYFLAG_NEEDROOT)
+// Call setlocale to listen to environment variables.
+// This invalidates sprintf("%.*s", size, string) as a valid length constraint.
+#define TOYFLAG_LOCALE (1<<8)
+
// Array of available commands
extern struct toy_list {
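Review bot: Nothing in this commit reads `TOYFLAG_LOCALE`. The diffstat lists only toys.h, expand.c and wc.c, so the new `#define TOYFLAG_LOCALE (1<<8)` arrives without a visible `setlocale()` call gated on it and without removal of any global call. If that wiring lands in a separate change, the comment should name where the flag is tested, so a reader can confirm that commands without it really stay in the "C" locale. The comment should also state the rule for command authors, e.g. `// Commands that set this must bound formatted output by destination size (snprintf), never by "%.*s" precision.` The `struct toy_list` declaration continues past the hunk, so it cannot be confirmed here that its flags field has room for bit 8.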
diff --git a/toys/posix/expand.c b/toys/posix/expand.c
index e23dc273..7e668fa7 100644
--- a/toys/posix/expand.c
+++ b/toys/posix/expand.c
@@ -4,7 +4,7 @@
*
* See http://pubs.opengroup.org/onlinepubs/9699919799/utilities/expand.html
-USE_EXPAND(NEWTOY(expand, "t*", TOYFLAG_USR|TOYFLAG_BIN))
+USE_EXPAND(NEWTOY(expand, "t*", TOYFLAG_USR|TOYFLAG_BIN|TOYFLAG_LOCALE))
config EXPAND
bool "expand"
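Review bot: Adding `TOYFLAG_LOCALE` to this `NEWTOY` line, and to the one for `wc` in the toys/posix/wc.c hunk, opts both commands into the condition the commit message warns about. Once locale is active, any `%.Ns` or `%.*s` that writes into a fixed-size buffer on their code paths, including shared library helpers they call, is presumably no longer a byte bound. Only the registration line is visible here, so whether either command or its helpers contain such a call cannot be judged from the hunk. That audit should be done before the flag is set. The file's header comment could then record why the command needs locale and that its formatted writes are bounded by buffer size, not precision.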
diff --git a/toys/posix/wc.c b/toys/posix/wc.c
index 3a6540b1..815e08b1 100644
--- a/toys/posix/wc.c
+++ b/toys/posix/wc.c
@@ -4,7 +4,7 @@
*
* See http://opengroup.org/onlinepubs/9699919799/utilities/wc.html
-USE_WC(NEWTOY(wc, USE_TOYBOX_I18N("m")"cwl", TOYFLAG_USR|TOYFLAG_BIN))
+USE_WC(NEWTOY(wc, USE_TOYBOX_I18N("m")"cwl", TOYFLAG_USR|TOYFLAG_BIN|TOYFLAG_LOCALE))
config WC
bool "wc"