Hello,

I've just checked the getenv(LANG) problem with Linuxconf, with Linuxconf 1.10r30, the latest version available on ftp.solucorp.qc.ca. I couldn't crash linuxconf-1.10r30 even with a large LANG variable, so I downloaded the linuxconf version shipped with RH5.1 (although I still use RH5.0FR (French Version)), and this version crashes when the LANG variable is set to a large value.

So I looked at the code in misc/linuxconf.cc where the getenv is done. The linuxconf version shipped with RedHat introduces memorization of the language in the /etc/conf.linuxconf file. This functionality was needed because the LANG variable is not always available to Linuxconf (at boot time and with the HTML interface) and it defeated the automatic language selection (which was introduced recently in Linuxconf). Unfortunately, what's stocked in conf.linuxconf is the LANG variable before it is checked.

As I didn't see any patch and Jack is still not back, I changed the code a little bit to only stock the first two characters of the LANG variable, which is enough to choose the language. This should hopefully fix the problem.

So I think all linuxconf versions <=1.10r30 are not vulnerable to this problem. Although a good security auditing of Linuxconf would be a very good thing.

Patch (to be applied to Linuxconf 1.10r11 shipped with RedHat) follows (I hope I didn't make it wrong):

Note: If you played with Linuxconf 1.11r11, you'll have to manually delete the linuxconf.lastlang line at the end of /etc/conf.linuxconf

--- linuxconf.cc.orig Tue Jun 2 22:32:16 1998 +++ linuxconf.cc Tue Jun 2 23:17:44 1998 
@@ -391,18 +391,9 @@ const char *ret = linuxconf_getlangmanual(); if (linuxconf_getlangmode()){ const char *envlang = getenv("LANG"); + /* LANG env variable should not be trusted at all + please check, recheck and improve this code */ const char *lastlang = linuxconf_getval (K_LINUXCONF,K_LASTLANG); - if (envlang == NULL){ - envlang = lastlang; - }else{ - if (lastlang == NULL || strcmp(envlang,lastlang)!=0){ - linuxconf_setcursys (subsys_noarch); - linuxconf_replace (K_LINUXCONF,K_LASTLANG,envlang); - xconf_fopencfg_bypass (true); - linuxconf_save(); - xconf_fopencfg_bypass (false); - } - } if (envlang != NULL && strlen(envlang)>=2){ static char ret2[3]; ret2[0] = envlang[0]; @@ -416,6 +407,29 @@ For this we should test if the subvariant exist and if not try just the first two letters */ + /* we try to see if the lang was memorized or if the lang memorized in conf.linuxconf is the same that we get now +we memorize the lang cause the LANG variable is not always available to Linuxconf (at boot time and with html interface). If you've got a better way to do this... */ + if (lastlang == NULL || strlen(lastlang) || strlen(lastlang)>5 || strncmp(envlang,lastlang,2)!=0){ + /* lastlang did not exist or lang was modified*/ + static char lastlang2[3]; + lastlang2[0] = envlang[0]; + lastlang2[1] = envlang[1]; + lastlang2[2] = '\0'; + linuxconf_setcursys (subsys_noarch); + linuxconf_replace (K_LINUXCONF,K_LASTLANG,lastlang2); + xconf_fopencfg_bypass (true); + linuxconf_save(); + xconf_fopencfg_bypass (false); + } + } + else if (lastlang!=NULL && strlen(lastlang)>=2){ + /* we don't get the lang from the LANG variable */ + /* hopefully we memorized the lang */ + static char ret2[3]; + ret2[0] = lastlang[0]; + ret2[1] = lastlang[1]; + ret2[2] = '\0'; + ret = ret2; } } if (strcmp(ret,"en")==0) ret = "eng";
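Review bot: In the first hunk (@@ -391,18 +391,9 @@), the added comment says LANG should not be trusted, but the context lines that follow still copy envlang[0] and envlang[1] into ret2 without checking what those bytes are; only the length is tested. Consider accepting the value only when both bytes are ASCII letters, and replace the "please check, recheck and improve this code" remark with a statement of what validation is actually performed, so the trust boundary is documented rather than left as a request.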
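Review bot: In the second hunk (@@ -416,6 +407,29 @@), the bare strlen(lastlang) term in the added condition is true for any non-empty lastlang, so in that case the strlen(lastlang)>5 and strncmp(envlang,lastlang,2)!=0 tests are never evaluated and conf.linuxconf is rewritten and saved on every call where LANG is set. Since the value stored is always two characters, something like strlen(lastlang)!=2 || strncmp(envlang,lastlang,2)!=0 looks like the intended test. The same two unvalidated bytes of envlang are written to K_LASTLANG through lastlang2 and read back in the else branch, so a letters-only check before linuxconf_replace would keep arbitrary bytes out of the config file.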