From 89a62bf2907412cb562d22c875736357e314c8c8 Mon Sep 17 00:00:00 2001
From: Rob Landley
Date: Mon, 9 Jun 2014 05:51:04 -0500
Subject: When locale is enabled, sprintf("%.123s", str) is counting characters, not bytes, so we can't globally enable locale without opening stack/heap smashing vulnerabilities. Make commands individually request setlocale() using TOYFLAGS instead.
---
toys.h | 4 ++++
1 file changed, 4 insertions(+)
(limited to 'toys.h')
diff --git a/toys.h b/toys.h
index 6666cfbf..9fd338ab 100644
--- a/toys.h
+++ b/toys.h
@@ -105,6 +105,10 @@ void toy_exec(char *argv[]);
 #define TOYFLAG_NEEDROOT (1<<7)
 #define TOYFLAG_ROOTONLY (TOYFLAG_STAYROOT|TOYFLAG_NEEDROOT)
+// Call setlocale to listen to environment variables.
+// This invalidates sprintf("%.*s", size, string) as a valid length constraint.
+#define TOYFLAG_LOCALE (1<<8)
+
 // Array of available commands
 extern struct toy_list {
-- 
cgit v1.2.3
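Review bot: The comment above `TOYFLAG_LOCALE` names the hazard but not the rule a command author must follow once the flag is set, so a command can opt in while still relying on `"%.*s"` precision to fit a fixed buffer. I would add a third comment line such as `// Commands that set this must bound output by byte count (snprintf with the destination size), never by "%.*s" precision.` This is also the first flag above the low byte (`1<<8`), and the `flags` member of `struct toy_list` is declared past the end of the hunk, so its width should be confirmed to hold bit 8. The code that tests this flag and calls setlocale() is not on this page (the view is limited to toys.h), so whether the commands that will opt in were audited for precision-bounded copies cannot be judged from here.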