(_nl_find_locale): Use _nl_find_locale to get language part it drop

author Ulrich Drepper <drepper@redhat.com>

Wed, 20 May 1998 12:10:21 +0000 (12:10 +0000)

committer Ulrich Drepper <drepper@redhat.com>

Wed, 20 May 1998 12:10:21 +0000 (12:10 +0000)
author Ulrich Drepper <drepper@redhat.com>
Wed, 20 May 1998 12:10:21 +0000 (12:10 +0000)
committer Ulrich Drepper <drepper@redhat.com>
Wed, 20 May 1998 12:10:21 +0000 (12:10 +0000)
diff --git a/locale/findlocale.c b/locale/findlocale.c

index d73ba4a3956b6bbba5dff09fe8022e6c0f69dd66..4e8460ee4afc1be3dbcfcf5e0d91eb93e382c966 100644 (file)
--- a/locale/findlocale.c
+++ b/locale/findlocale.c
@@ -1,4 +1,4 @@
-/* Copyright (C) 1996 Free Software Foundation, Inc.
+/* Copyright (C) 1996, 1998 Free Software Foundation, Inc.
     This file is part of the GNU C Library.
     Contributed by Ulrich Drepper <drepper@gnu.ai.mit.edu>, 1996.
  
@@ -20,6 +20,7 @@
  #include <locale.h>
  #include <stdlib.h>
  #include <string.h>
+#include <unistd.h>
  
  #include "localeinfo.h"
  
@@ -61,7 +62,11 @@ _nl_find_locale (const char *locale_path, size_t locale_path_len,
    const char *revision;
    struct loaded_l10nfile *locale_file;
  
-  if ((*name)[0] == '\0')
+  if ((*name)[0] == '\0'
+      /* In SUID binaries we must not allow people to access files
+        outside the dedicated locale directories.  */
+      || (__libc_enable_secure
+         && memchr (*name, '/', _nl_find_language (*name) - *name) != NULL))
      {
        /* The user decides which locale to use by setting environment
          variables.  */
author	Ulrich Drepper <drepper@redhat.com>
	Wed, 20 May 1998 12:10:21 +0000 (12:10 +0000)
committer	Ulrich Drepper <drepper@redhat.com>
	Wed, 20 May 1998 12:10:21 +0000 (12:10 +0000)