changeset 1342:3b85d2ce34aa draft

When locale is enabled, sprintf("%.123s", str) is counting characters, not bytes, so we can't globally enable locale without opening stack/heap smashing vulnerabilities. Make commands individually request setlocale() using TOYFLAGS instead.
author Rob Landley <rob@landley.net>
date Mon, 09 Jun 2014 05:51:04 -0500
parents 77c2f9e6661f
children 2538fa09b1b1
files toys.h toys/posix/expand.c toys/posix/wc.c
diffstat 3 files changed, 6 insertions(+), 2 deletions(-) [+]
line wrap: on
line diff
--- a/toys.h	Sun Jun 08 17:05:10 2014 -0500
+++ b/toys.h	Mon Jun 09 05:51:04 2014 -0500
@@ -105,6 +105,10 @@
 #define TOYFLAG_NEEDROOT (1<<7)
 #define TOYFLAG_ROOTONLY (TOYFLAG_STAYROOT|TOYFLAG_NEEDROOT)
 
+// Call setlocale to listen to environment variables.
+// This invalidates sprintf("%.*s", size, string) as a valid length constraint.
+#define TOYFLAG_LOCALE   (1<<8)
+
 // Array of available commands
 
 extern struct toy_list {
--- a/toys/posix/expand.c	Sun Jun 08 17:05:10 2014 -0500
+++ b/toys/posix/expand.c	Mon Jun 09 05:51:04 2014 -0500
@@ -4,7 +4,7 @@
  *
  * See http://pubs.opengroup.org/onlinepubs/9699919799/utilities/expand.html
 
-USE_EXPAND(NEWTOY(expand, "t*", TOYFLAG_USR|TOYFLAG_BIN))
+USE_EXPAND(NEWTOY(expand, "t*", TOYFLAG_USR|TOYFLAG_BIN|TOYFLAG_LOCALE))
 
 config EXPAND
   bool "expand"
--- a/toys/posix/wc.c	Sun Jun 08 17:05:10 2014 -0500
+++ b/toys/posix/wc.c	Mon Jun 09 05:51:04 2014 -0500
@@ -4,7 +4,7 @@
  *
  * See http://opengroup.org/onlinepubs/9699919799/utilities/wc.html
 
-USE_WC(NEWTOY(wc, USE_TOYBOX_I18N("m")"cwl", TOYFLAG_USR|TOYFLAG_BIN))
+USE_WC(NEWTOY(wc, USE_TOYBOX_I18N("m")"cwl", TOYFLAG_USR|TOYFLAG_BIN|TOYFLAG_LOCALE))
 
 config WC
   bool "wc"