aboutsummaryrefslogtreecommitdiff
path: root/time/tzfile.c
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>1997-01-24 02:23:54 +0000
committerUlrich Drepper <drepper@redhat.com>1997-01-24 02:23:54 +0000
commit9d187dd4ad11f857386881db032d7e71ad26f47c (patch)
treedacaae8468e5cf69ffda0ef4b299472f429add8a /time/tzfile.c
parent8d57beeab10d2afd72e2e3bc6b1ad4695b791955 (diff)
downloadglibc-9d187dd4ad11f857386881db032d7e71ad26f47c.zip
glibc-9d187dd4ad11f857386881db032d7e71ad26f47c.tar.gz
glibc-9d187dd4ad11f857386881db032d7e71ad26f47c.tar.bz2
update from main archive 970122cvs/libc-970124
1997-01-23 Paul Eggert <eggert@twinsun.com> * mktime.c (mktime): Invoke __tzset, not __tzset_internal, to set tz, so that tzname is set as POSIX requires. Fri Jan 24 02:49:18 1997 Ulrich Drepper <drepper@cygnus.com> * dirent/dirent.h: Declare readdir_r also when __USE_POSIX. * grp/grp.h: Declare *_r functions also when __USE_POSIX. * pwd/pwd.h: Likewise. * time/time.h: Likewise. * posix/unistd.h: Declare ttyname_r also when __USE_POSIX. * string/string.h: Declare strtok_r also when __USE_POSIX. * stdio-common/bug7.c: Use tmpnam to generate names for test files. * stdio-common/tmpnam.c: Update copyright. * stdio-common/tmpnam_r.c: Likewise. * sysdeps/unix/sysv/linux/alpha/sys/kernel_termios.h: Protect against multiple inclusion. Include <termbits.h>. * sysdeps/unix/sysv/linux/sys/kernel_termios.h: Likewise. * sysdeps/unix/sysv/linux/net/if.h: Update according to recent kernel headers. Patch by Philip Blundell <pjb27@cam.ac.uk>. Thu Jan 23 17:42:00 1997 Ulrich Drepper <drepper@cygnus.com> * sysdeps/unix/sysv/linux/sparc/clone.S: Correct author attribution. * sysdeps/unix/sysv/linux/net/if_arp (MAX_ADDR_LEN): Add definition. Thu Jan 23 14:20:34 1997 Ulrich Drepper <drepper@cygnus.com> * time/tzfile.c (__tzfile_read): Don't allow arbitrary files to be read when running a setuid program.
Diffstat (limited to 'time/tzfile.c')
-rw-r--r--time/tzfile.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/time/tzfile.c b/time/tzfile.c
index 761ddc9..ed7b093 100644
--- a/time/tzfile.c
+++ b/time/tzfile.c
@@ -21,6 +21,7 @@
#include <time.h>
#include <string.h>
#include <limits.h>
+#include <unistd.h>
#define NOID
#include <tzfile.h>
@@ -79,6 +80,7 @@ decode (const void *ptr)
void
__tzfile_read (const char *file)
{
+ static const char default_tzdir[] = TZDIR;
size_t num_isstd, num_isgmt;
register FILE *f;
struct tzhead tzhead;
@@ -111,9 +113,19 @@ __tzfile_read (const char *file)
/* User specified the empty string; use UTC explicitly. */
file = "Universal";
+ /* We must not allow to read an arbitrary file in a setuid program.
+ So we fail for any file which is not in the directory hierachy
+ starting at TZDIR. */
+ if (__libc_enable_secure
+ && ((*file == '/'
+ && memcmp (file, default_tzdir, sizeof (default_tzdir) - 1) != 0)
+ || strstr (file, "../") != NULL))
+ /* This test a certainly a bit too restrictive but it should catch all
+ critical case. */
+ return;
+
if (*file != '/')
{
- static const char default_tzdir[] = TZDIR;
const char *tzdir;
unsigned int len, tzdir_len;
char *new;