From c72fb33264580ff703ba623bf3c13a5ff1babfea Mon Sep 17 00:00:00 2001 From: Ingo Schwarze Date: Thu, 12 Nov 2015 21:50:03 +0000 Subject: Never use LC_ALL. On the one hand, it can cause misformatting. On the other hand, it is a security risk because it might cause buffer overflows. Use LC_CTYPE only, that's all we need. --- term_ascii.c | 10 +++++++++- 1 file changed, 9 insertions(+), 1 deletion(-) (limited to 'term_ascii.c') diff --git a/term_ascii.c b/term_ascii.c index 1d587c63..2f67eb88 100644 --- a/term_ascii.c +++ b/term_ascii.c @@ -88,8 +88,16 @@ ascii_init(enum termenc enc, const struct manoutput *outopts) #if HAVE_WCHAR if (TERMENC_ASCII != enc) { + + /* + * Do not change any of this to LC_ALL. It might break + * the formatting by subtly changing the behaviour of + * various functions, for example strftime(3). As a + * worst case, it might even cause buffer overflows. + */ + v = TERMENC_LOCALE == enc ? - setlocale(LC_ALL, "") : + setlocale(LC_CTYPE, "") : setlocale(LC_CTYPE, "en_US.UTF-8"); if (NULL != v && MB_CUR_MAX > 1) { p->enc = enc; -- cgit