Diffusion FreeBSD src repository 9e03b903e377

strfmon: Avoid an out-of-bounds access
9e03b903e377
Actions

Description

strfmon: Avoid an out-of-bounds access

Avoid an out-of-bounds access when trying to set the space_char using an
international currency format (%i) and the C/POSIX locale.

The current code tries to read the SPACE from int_curr_symbol[3]:

currency_symbol = strdup(lc->int_curr_symbol);
space_char = *(currency_symbol+3);

But on C/POSIX locales, int_curr_symbol is empty.

Three implementations have been examined: NetBSD[1], Darwin[2], and
Illumos[3]. Only NetBSD has fixed it[4].

Darwin and NetBSD also trim the mandatory final SPACE character after
reading it.

Locale         Format    Darwin/NetBSD    FreeBSD/Illumos
en_US.UTF-8    [%i]      [USD123.45]      [USD 123.45]
fr_FR.UTF-8    [%i]      [123,45 EUR]     [123,45 EUR ]

This commit only fixes the out-of-bounds access.

[1]: https://github.com/NetBSD/src/blob/trunk/lib/libc/stdlib/strfmon.c
[2]: https://opensource.apple.com/source/Libc/Libc-1439.141.1/stdlib/NetBSD/strfmon.c.auto.html
[3]: https://github.com/illumos/illumos-gate/blob/master/usr/src/lib/libc/port/locale/strfmon.c
[4]: https://github.com/NetBSD/src/commit/3d7b5d498aa9609f2bc9ece9c734c5f493a8e239

Reviewed by: kib
PR: 267282
Github PR: #619
MFC after: 1 week

Details

Provenance

jlduran	Authored on Oct 13 2022, 3:51 PM
kib	Committed on Oct 25 2022, 9:40 PM

Parents

rG0afd11d50f27: strfmon: Fix typos in source code comments

Branches

Unknown

Tags

Unknown

Event Timeline

kib committed rG9e03b903e377: strfmon: Avoid an out-of-bounds access (authored by jlduran).Oct 25 2022, 9:40 PM

kib mentioned this in rGda5b1c42c5aa: strfmon: Avoid an out-of-bounds access.Nov 1 2022, 12:47 AM

Changes (2)

Path

Size

lib/

libc/

stdlib/

strfmon.c

tests/

stdlib/

strfmon_test.c

rG9e03b903e377

View Options

lib/libc/stdlib/strfmon.c