bug-gettext
[Top][All Lists]
Advanced

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [bug-gettext] intl: Proof against invalid offset/length


From: Mike Frysinger
Subject: Re: [bug-gettext] intl: Proof against invalid offset/length
Date: Wed, 11 Mar 2015 03:10:36 -0400

On 11 Mar 2015 02:39, Carlos O'Donell wrote:
> On 03/11/2015 02:01 AM, Daiki Ueno wrote:
> > It is surprising that there are no checks of lengths/offsets read from
> > MO files.  Currently, I'm thinking of the attached patch (to gettext),
> > which is a bit complicated.  If anyone could suggest a cleaner approach,
> > I'd appreciate it.
> 
> Why does it surprise you?
> 
> The MO files are writable only by root, so it's not a security issue
> because if you could write to them you'd be root, and you'd have
> full access to the system anyway.
> 
> The other alternative is that the filesystem is corrupted and loading
> the MO file crashes your application. This is expected since the
> filesystem is corrupted. You are suggesting we add some rather complex
> checking for the possibly low probability case of a corrupted
> filesystem. If the filesystem is corrupted other things will be failing
> and you need to fix the corruption.
> 
> What strong technical reasons do you have for propsing these additional
> checks?

i thought you could control things via $TEXTDOMAIN/$TEXTDOMAINDIR, but it looks 
like just `bash` and `gettext` respect those ?  so if you have a shell script 
that either directly supports translated messages (e.g. bash's $"..."), or 
indirectly (e.g. manually calling `gettext`), and it doesn't lock down the 
TEXTDOMAINDIR envvar properly, you could get them to load untrusted data and 
crash due to the omitted range checks in glibc ?

i'm not really familiar with how much gettext relies on glibc though or if it 
just entirely uses its own copy of code.

using Debian's code search [1], it looks like git provides GIT_TEXTDOMAINDIR to 
override the default TEXTDOMAINDIR.  i stopped at page ~6 ;).
-mike

[1] http://codesearch.debian.net/perpackage-results/TEXTDOMAINDIR/

Attachment: signature.asc
Description: Digital signature


reply via email to

[Prev in Thread] Current Thread [Next in Thread]