From 89a62bf2907412cb562d22c875736357e314c8c8 Mon Sep 17 00:00:00 2001 From: Rob Landley Date: Mon, 9 Jun 2014 05:51:04 -0500 Subject: When locale is enabled, sprintf("%.123s", str) is counting characters, not bytes, so we can't globally enable locale without opening stack/heap smashing vulnerabilities. Make commands individually request setlocale() using TOYFLAGS instead. --- toys/posix/wc.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'toys/posix/wc.c') diff --git a/toys/posix/wc.c b/toys/posix/wc.c index 3a6540b1..815e08b1 100644 --- a/toys/posix/wc.c +++ b/toys/posix/wc.c @@ -4,7 +4,7 @@ * * See http://opengroup.org/onlinepubs/9699919799/utilities/wc.html -USE_WC(NEWTOY(wc, USE_TOYBOX_I18N("m")"cwl", TOYFLAG_USR|TOYFLAG_BIN)) +USE_WC(NEWTOY(wc, USE_TOYBOX_I18N("m")"cwl", TOYFLAG_USR|TOYFLAG_BIN|TOYFLAG_LOCALE)) config WC bool "wc" -- cgit v1.2.3