From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <libc-hacker-return-9020-listarch-libc-hacker=sources.redhat.com@sourceware.org>
Received: (qmail 20926 invoked by alias); 28 Aug 2006 13:47:11 -0000
Received: (qmail 20907 invoked by uid 22791); 28 Aug 2006 13:47:10 -0000
X-Spam-Check-By: sourceware.org
Received: from sunsite.ms.mff.cuni.cz (HELO sunsite.mff.cuni.cz) (195.113.15.26)
    by sourceware.org (qpsmtpd/0.31) with ESMTP; Mon, 28 Aug 2006 13:47:03 +0000
Received: from sunsite.mff.cuni.cz (sunsite.mff.cuni.cz [127.0.0.1])
	by sunsite.mff.cuni.cz (8.13.1/8.13.1) with ESMTP id k7SDkwec023680;
	Mon, 28 Aug 2006 15:46:58 +0200
Received: (from jj@localhost)
	by sunsite.mff.cuni.cz (8.13.1/8.13.1/Submit) id k7SDkwlE023679;
	Mon, 28 Aug 2006 15:46:58 +0200
Date: Mon, 28 Aug 2006 13:47:00 -0000
From: Jakub Jelinek <jakub@redhat.com>
To: Ulrich Drepper <drepper@redhat.com>
Cc: Glibc hackers <libc-hacker@sources.redhat.com>
Subject: [PATCH] Further protection of localedef against bogus input
Message-ID: <20060828134657.GM4556@sunsite.mff.cuni.cz>
Reply-To: Jakub Jelinek <jakub@redhat.com>
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Content-Disposition: inline
User-Agent: Mutt/1.4.1i
Mailing-List: contact libc-hacker-help@sourceware.org; run by ezmlm
Precedence: bulk
List-Subscribe: <mailto:libc-hacker-subscribe@sourceware.org>
List-Archive: <http://sourceware.org/ml/libc-hacker/>
List-Post: <mailto:libc-hacker@sourceware.org>
List-Help: <mailto:libc-hacker-help@sourceware.org>, <http://sourceware.org/ml/#faqs>
Sender: libc-hacker-owner@sourceware.org
X-SW-Source: 2006-08/txt/msg00030.txt.bz2

Hi!

ld-ctype.c test:
echo FOO=bar > translit_neutral
localedef -i en_US -f UTF-8 /tmp/en_US.UTF-8 -c

ld-collate.c test:
cat > en_HW <<EOF
LC_COLLATE
copy "iso14651_t1"
collating-symbol  <c-h-br>
collating-element <C-H> from "<U0043><U0048>"
END LC_COLLATE
EOF
for i in IDENTIFICATION CTYPE MONETARY NUMERIC TIME MESSAGES PAPER NAME \
	 ADDRESS TELEPHONE MEASUREMENT; do
  echo -e LC_$i'\ncopy "en_US"\nEND LC_'$i
done >> en_HW
echo FOO=bar > iso14651_t1
localedef -i en_HW -f UTF-8 /tmp/en_HW.UTF-8 -c

2006-08-28  Jakub Jelinek  <jakub@redhat.com>

	* locale/programs/ld-ctype.c (translit_flatten): Issue error
	if other's ctype category was missing.
	* locale/programs/ld-collate.c (collate_read): Return if
	copy_locale's collate category is missing.

--- libc/locale/programs/ld-ctype.c.jj	2006-08-28 13:20:38.000000000 +0200
+++ libc/locale/programs/ld-ctype.c	2006-08-28 15:12:52.000000000 +0200
@@ -3769,7 +3769,7 @@ translit_flatten (struct locale_ctype_t 
 
       other = find_locale (LC_CTYPE, copy_locale, copy_repertoire, charmap);
 
-      if (other == NULL)
+      if (other == NULL || other->categories[LC_CTYPE].ctype == NULL)
 	{
 	  WITH_CUR_LOCALE (error (0, 0, _("\
 %s: transliteration data from locale `%s' not available"),
--- libc/locale/programs/ld-collate.c.jj	2005-12-30 09:04:02.000000000 +0100
+++ libc/locale/programs/ld-collate.c	2006-08-28 15:35:27.000000000 +0200
@@ -1,4 +1,4 @@
-/* Copyright (C) 1995-2002, 2003, 2005 Free Software Foundation, Inc.
+/* Copyright (C) 1995-2002, 2003, 2005, 2006 Free Software Foundation, Inc.
    This file is part of the GNU C Library.
    Contributed by Ulrich Drepper <drepper@gnu.org>, 1995.
 
@@ -2671,6 +2671,9 @@ collate_read (struct linereader *ldfile,
 	      if (locfile_read (copy_locale, charmap) != 0)
 		goto skip_category;
 	    }
+
+	  if (copy_locale->categories[LC_COLLATE].collate == NULL)
+	    return;
 	}
 
       lr_ignore_rest (ldfile, 1);

	Jakub