diff options
author | Ulrich Drepper <drepper@redhat.com> | 1997-01-24 02:23:54 +0000 |
---|---|---|
committer | Ulrich Drepper <drepper@redhat.com> | 1997-01-24 02:23:54 +0000 |
commit | 9d187dd4ad11f857386881db032d7e71ad26f47c (patch) | |
tree | dacaae8468e5cf69ffda0ef4b299472f429add8a /time/tzfile.c | |
parent | 8d57beeab10d2afd72e2e3bc6b1ad4695b791955 (diff) | |
download | glibc-9d187dd4ad11f857386881db032d7e71ad26f47c.zip glibc-9d187dd4ad11f857386881db032d7e71ad26f47c.tar.gz glibc-9d187dd4ad11f857386881db032d7e71ad26f47c.tar.bz2 |
update from main archive 970122cvs/libc-970124
1997-01-23 Paul Eggert <eggert@twinsun.com>
* mktime.c (mktime): Invoke __tzset, not __tzset_internal, to set tz,
so that tzname is set as POSIX requires.
Fri Jan 24 02:49:18 1997 Ulrich Drepper <drepper@cygnus.com>
* dirent/dirent.h: Declare readdir_r also when __USE_POSIX.
* grp/grp.h: Declare *_r functions also when __USE_POSIX.
* pwd/pwd.h: Likewise.
* time/time.h: Likewise.
* posix/unistd.h: Declare ttyname_r also when __USE_POSIX.
* string/string.h: Declare strtok_r also when __USE_POSIX.
* stdio-common/bug7.c: Use tmpnam to generate names for test files.
* stdio-common/tmpnam.c: Update copyright.
* stdio-common/tmpnam_r.c: Likewise.
* sysdeps/unix/sysv/linux/alpha/sys/kernel_termios.h: Protect
against multiple inclusion. Include <termbits.h>.
* sysdeps/unix/sysv/linux/sys/kernel_termios.h: Likewise.
* sysdeps/unix/sysv/linux/net/if.h: Update according to recent
kernel headers. Patch by Philip Blundell <pjb27@cam.ac.uk>.
Thu Jan 23 17:42:00 1997 Ulrich Drepper <drepper@cygnus.com>
* sysdeps/unix/sysv/linux/sparc/clone.S: Correct author attribution.
* sysdeps/unix/sysv/linux/net/if_arp (MAX_ADDR_LEN): Add definition.
Thu Jan 23 14:20:34 1997 Ulrich Drepper <drepper@cygnus.com>
* time/tzfile.c (__tzfile_read): Don't allow arbitrary files to be
read when running a setuid program.
Diffstat (limited to 'time/tzfile.c')
-rw-r--r-- | time/tzfile.c | 14 |
1 files changed, 13 insertions, 1 deletions
diff --git a/time/tzfile.c b/time/tzfile.c index 761ddc9..ed7b093 100644 --- a/time/tzfile.c +++ b/time/tzfile.c @@ -21,6 +21,7 @@ #include <time.h> #include <string.h> #include <limits.h> +#include <unistd.h> #define NOID #include <tzfile.h> @@ -79,6 +80,7 @@ decode (const void *ptr) void __tzfile_read (const char *file) { + static const char default_tzdir[] = TZDIR; size_t num_isstd, num_isgmt; register FILE *f; struct tzhead tzhead; @@ -111,9 +113,19 @@ __tzfile_read (const char *file) /* User specified the empty string; use UTC explicitly. */ file = "Universal"; + /* We must not allow to read an arbitrary file in a setuid program. + So we fail for any file which is not in the directory hierachy + starting at TZDIR. */ + if (__libc_enable_secure + && ((*file == '/' + && memcmp (file, default_tzdir, sizeof (default_tzdir) - 1) != 0) + || strstr (file, "../") != NULL)) + /* This test a certainly a bit too restrictive but it should catch all + critical case. */ + return; + if (*file != '/') { - static const char default_tzdir[] = TZDIR; const char *tzdir; unsigned int len, tzdir_len; char *new; |