CyberLeo.Net >> Repos - FreeBSD/FreeBSD.git/commit

author	Jose Luis Duran <jlduran@gmail.com>
	Thu, 13 Oct 2022 15:51:27 +0000 (12:51 -0300)
committer	Konstantin Belousov <kib@FreeBSD.org>
	Tue, 25 Oct 2022 21:40:17 +0000 (00:40 +0300)
commit	9e03b903e377c75a60cbbb89ed78955769a1c804
tree	6ec207f8c4666e34544ddd6c40087e81c7e9fd4a	tree \| snapshot
parent	0afd11d50f277c24e80dd0228b122bcc53d559c0	commit \| diff

strfmon: Avoid an out-of-bounds access

Avoid an out-of-bounds access when trying to set the space_char using an
international currency format (%i) and the C/POSIX locale.

The current code tries to read the SPACE from int_curr_symbol[3]:

    currency_symbol = strdup(lc->int_curr_symbol);
    space_char = *(currency_symbol+3);

But on C/POSIX locales, int_curr_symbol is empty.

Three implementations have been examined: NetBSD[1], Darwin[2], and
Illumos[3].  Only NetBSD has fixed it[4].

Darwin and NetBSD also trim the mandatory final SPACE character after
reading it.

    Locale         Format    Darwin/NetBSD    FreeBSD/Illumos
    en_US.UTF-8    [%i]      [USD123.45]      [USD 123.45]
    fr_FR.UTF-8    [%i]      [123,45 EUR]     [123,45 EUR ]

This commit only fixes the out-of-bounds access.

[1]: https://github.com/NetBSD/src/blob/trunk/lib/libc/stdlib/strfmon.c
[2]: https://opensource.apple.com/source/Libc/Libc-1439.141.1/stdlib/NetBSD/strfmon.c.auto.html
[3]: https://github.com/illumos/illumos-gate/blob/master/usr/src/lib/libc/port/locale/strfmon.c
[4]: https://github.com/NetBSD/src/commit/3d7b5d498aa9609f2bc9ece9c734c5f493a8e239

Reviewed by: kib
PR: 267282
Github PR: #619
MFC after: 1 week

lib/libc/stdlib/strfmon.c		diff \| blob \| history
lib/libc/tests/stdlib/strfmon_test.c		diff \| blob \| history