Bugtraq mailing list archives

i18n issues with format bugs

From: John Levon <moz () COMPSOC MAN AC UK>
Date: Wed, 26 Jul 2000 16:12:39 +0100

After discussion with David Wheeler (and I noticed some
on BUGTRAQ had also mentioned this) it seems that there is
the possibility of format problems for programs naively trusting
localised strings.

1) The GNU gettext source doesn't seem to be a problem, with the exception
of cat-compat.c, where bindtextdomain() checks the environment variable
$NLSPATH. The question is whether any software out there actually uses
this code any more

2) catgets() as specified in SuS can be used to retrieve arbitrary strings
via $NLSPATH. The SuS specification is here :

http://www.opengroup.org/onlinepubs/007908799/xsh/catopen.html

As it happens, the GNU libc ignores this environment variable in the
suid/sgid case. I don't know whether this also applies to other vendor's
implementations ?

I don't actually have a specific piece of code that's under risk, but it
seems that in general catgets() and friends cannot be trusted. Of course,
all the code out there doesn't trust outside functions anyway, right ?

john

Current thread:

i18n issues with format bugs John Levon (Jul 26)
- Re: i18n issues with format bugs Theo de Raadt (Jul 29)
- <Possible follow-ups>
- Re: i18n issues with format bugs Forrest J. Cavalier III (Jul 29)