This is a live mirror of the Perl 5 development currently hosted at https://github.com/perl/perl5
locale.c: Avoid potential read beyond buffer end
author    Karl Williamson <khw@cpan.org>
Mon, 11 Sep 2017 23:24:00 +0000 (17:24 -0600)
committer Karl Williamson <khw@cpan.org>
Thu, 9 Nov 2017 06:35:36 +0000 (23:35 -0700)
commit    abc1d81d7169b55539b1137fcb120d065f696eb7
tree      7054bf02fb7953d7949c4e1a952b874c557c55ad
parent    58e4a4676d898b44a54a55a7062b3bb087afa275
locale.c: Avoid potential read beyond buffer end

I noticed this flaw by code reading; I doubt that it's exploitable.
foldEQ assumes that both operands are at least as long as its length
parameter.  In this case, it's possible that the codeset returned by
nl_langinfo is shorter than 5, in which case, it would try to access the
extra characters in the heap.  Real codesets tend to be longer than
this, so an attacker would likely have to install a locale with a
made-up codeset whose name is shorter.

Even the C locale is longer: "ANSI_X3.4-1968"
locale.c
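The flaw the commit message describes is a fixed-length, case-folding compare applied to a string whose length the caller never checked. The following is an added illustration, not Perl's own locale.c or foldEQ code: a minimal foldEQ-like routine with the same contract (both operands must hold at least len bytes), a small helper that reports how many bytes such a compare would read past the terminator of a too-short codeset name, and a wrapper that adds the missing length check. The assumption that the pattern being matched is the five-byte "UTF-8" is mine, chosen to fit the "shorter than 5" in the message; the codeset names used as input are constructed.

```c
#include <ctype.h>
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Same contract as foldEQ: compares exactly len bytes case-insensitively and
 * trusts the caller that s1 and s2 are both at least len bytes long.  If one
 * of them is shorter, the loop walks past its NUL into whatever follows. */
static bool fold_eq_unchecked(const char *s1, const char *s2, size_t len)
{
    for (size_t i = 0; i < len; i++) {
        if (tolower((unsigned char)s1[i]) != tolower((unsigned char)s2[i]))
            return false;
    }
    return true;
}

/* How many bytes beyond the terminator an unchecked len-byte compare of s
 * would touch: 0 when s is long enough, otherwise the shortfall. */
static size_t overread_bytes(const char *s, size_t len)
{
    size_t n = strlen(s);
    return n >= len ? 0 : len - n;
}

/* Hardened caller: refuse the compare when the codeset is shorter than the
 * pattern (the check the commit adds).  Like a plain fixed-length compare,
 * this still matches on the first len bytes only; an exact-length match
 * would also need strlen(codeset) == len. */
static bool codeset_fold_eq(const char *codeset, const char *pattern)
{
    size_t len = strlen(pattern);
    if (strlen(codeset) < len)
        return false;                       /* would read past the buffer */
    return fold_eq_unchecked(codeset, pattern, len);
}

/* Hypothetical pattern; assumed, not taken from locale.c. */
#define WANTED_CODESET "UTF-8"

static bool is_wanted_codeset(const char *codeset)
{
    return codeset_fold_eq(codeset, WANTED_CODESET);
}

int main(void)
{
    /* Constructed inputs: a real-looking codeset and a made-up short one. */
    const char *c_locale = "ANSI_X3.4-1968";   /* 14 bytes, never over-reads */
    const char *bogus    = "X";                /* 1 byte: unchecked compare
                                                  reads 4 bytes past the NUL */
    return (is_wanted_codeset("utf-8") && !is_wanted_codeset(c_locale)
            && !is_wanted_codeset(bogus) && overread_bytes(bogus, 5) == 4) ? 0 : 1;
}
```

The point of overread_bytes is only to make the shortfall visible; in the real bug those bytes live in heap memory beyond the string nl_langinfo handed back, and the compare result depends on whatever happens to be there.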