aniani/elinks
1
0
Fork 0
mirror of https://github.com/rkd77/elinks.git synced 2024-11-04 08:17:17 -05:00
Code

Check if the program path contains "src/" before using ../po files

Browse Source 
Don't look for gettext message catalogs in ../po/ unless ELinks is being
run as src/elinks, ./src/elinks, or .../src/elinks.

Discovered by Arnaud Giersch, this alternate fix (than what is in debian
package 0.11.1-1.4) closes debian bug #417789 and redhat bug #235411.
Also reported in: CVE-2007-2027.

Restricting it to only work with --enable-debug was also considered,
however, it is an important feature for translaters so this less
paranoid fix was chosen.
This commit is contained in:
Jonas Fonseca 2007-05-03 08:46:29 +02:00
parent 815a70b8ee
commit 110c564af3
1 changed files with 5 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
src/intl/gettext/loadmsgcat.c
View File

@ -212,6 +212,11 @@ add_filename_to_string(struct string *str, struct loaded_l10nfile *domain_file)
unsigned char *slash = strrchr(program.path, '/');
size_t dirnamelen = (slash ? slash - program.path + 1 : 0);
/* Check if elinks is being run from the source tree. */
if (dirnamelen < 4
|| strncmp(program.path + dirnamelen - 4, "src", 3))
return NULL;
if ((dirnamelen && !add_bytes_to_string(str, program.path, dirnamelen))
|| !add_to_string(str, "../po/")
|| !add_bytes_to_string(str,