author | Rob Landley <rob@landley.net> | 2014-06-09 05:51:04 -0500 |
---|---|---|
committer | Rob Landley <rob@landley.net> | 2014-06-09 05:51:04 -0500 |
commit | 89a62bf2907412cb562d22c875736357e314c8c8 (patch) | |
tree | 0dbb98c25b73f9320c090c7aeceb98ea2fe23fa6 | |
parent | c421b7068c5dd95baa10f9bd97e578d04ba48c70 (diff) | |
download | toybox-89a62bf2907412cb562d22c875736357e314c8c8.tar.gz |
When locale is enabled, sprintf("%.123s", str) is counting characters, not bytes, so we can't globally enable locale without opening stack/heap smashing vulnerabilities. Make commands individually request setlocale() using TOYFLAGS instead.
-rw-r--r-- | toys.h | 4 | ||||
-rw-r--r-- | toys/posix/expand.c | 2 | ||||
-rw-r--r-- | toys/posix/wc.c | 2 |
3 files changed, 6 insertions, 2 deletions
@@ -105,6 +105,10 @@ void toy_exec(char *argv[]);
 #define TOYFLAG_NEEDROOT (1<<7)
 #define TOYFLAG_ROOTONLY (TOYFLAG_STAYROOT|TOYFLAG_NEEDROOT)
+// Call setlocale to listen to environment variables.
+// This invalidates sprintf("%.*s", size, string) as a valid length constraint.
+#define TOYFLAG_LOCALE (1<<8)
+
 // Array of available commands
 extern struct toy_list {
diff --git a/toys/posix/expand.c b/toys/posix/expand.c
index e23dc273..7e668fa7 100644
--- a/toys/posix/expand.c
+++ b/toys/posix/expand.c
@@ -4,7 +4,7 @@
 *
 * See http://pubs.opengroup.org/onlinepubs/9699919799/utilities/expand.html
-USE_EXPAND(NEWTOY(expand, "t*", TOYFLAG_USR|TOYFLAG_BIN))
+USE_EXPAND(NEWTOY(expand, "t*", TOYFLAG_USR|TOYFLAG_BIN|TOYFLAG_LOCALE))
 config EXPAND
 bool "expand"
diff --git a/toys/posix/wc.c b/toys/posix/wc.c
index 3a6540b1..815e08b1 100644
--- a/toys/posix/wc.c
+++ b/toys/posix/wc.c
@@ -4,7 +4,7 @@
 *
 * See http://opengroup.org/onlinepubs/9699919799/utilities/wc.html
-USE_WC(NEWTOY(wc, USE_TOYBOX_I18N("m")"cwl", TOYFLAG_USR|TOYFLAG_BIN))
+USE_WC(NEWTOY(wc, USE_TOYBOX_I18N("m")"cwl", TOYFLAG_USR|TOYFLAG_BIN|TOYFLAG_LOCALE))
 config WC
 bool "wc" |
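Review bot: Nothing in this commit reads `TOYFLAG_LOCALE`. The diffstat lists only toys.h, expand.c and wc.c, so the new define and the two NEWTOY() changes have no visible consumer, and whatever calls setlocale() today is untouched here. If the flag test before setlocale() lands in a separate commit, that is fine, but until it does the exposure described in the commit message is presumably unchanged. The new comment in toys.h also says what stops being safe without naming the replacement; I would add a third line such as `// Commands setting this must bound copies by buffer size (snprintf), not by "%.*s" precision.`.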
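Review bot: Adding `TOYFLAG_LOCALE` to expand here, and to wc in the following hunk, opts both commands into the behaviour the toys.h comment warns about, but neither hunk records that their formatting paths were checked. The command bodies and any shared helpers they call are outside the diff, so a precision-bounded sprintf into a fixed buffer reachable from either command cannot be ruled out from what is shown. A short comment above each changed NEWTOY() line would make the audit visible to the next person who adds the flag, e.g. `// TOYFLAG_LOCALE: no "%.Ns" into fixed-size buffers in this command`.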