summary refs log tree commit diff
path: root/time/tzfile.c
diff options
context:
space:
mode:
authorUlrich Drepper <drepper@redhat.com>1997-01-24 02:23:54 +0000
committerUlrich Drepper <drepper@redhat.com>1997-01-24 02:23:54 +0000
commit9d187dd4ad11f857386881db032d7e71ad26f47c (patch)
treedacaae8468e5cf69ffda0ef4b299472f429add8a /time/tzfile.c
parent8d57beeab10d2afd72e2e3bc6b1ad4695b791955 (diff)
downloadglibc-9d187dd4ad11f857386881db032d7e71ad26f47c.tar.gz
glibc-9d187dd4ad11f857386881db032d7e71ad26f47c.tar.xz
glibc-9d187dd4ad11f857386881db032d7e71ad26f47c.zip
update from main archive 970122 cvs/libc-970124
1997-01-23  Paul Eggert  <eggert@twinsun.com>

	* mktime.c (mktime): Invoke __tzset, not __tzset_internal, to set tz,
	so that tzname is set as POSIX requires.

Fri Jan 24 02:49:18 1997  Ulrich Drepper  <drepper@cygnus.com>

	* dirent/dirent.h: Declare readdir_r also when __USE_POSIX.
	* grp/grp.h: Declare *_r functions also when __USE_POSIX.
	* pwd/pwd.h: Likewise.
	* time/time.h: Likewise.
	* posix/unistd.h: Declare ttyname_r also when __USE_POSIX.
	* string/string.h: Declare strtok_r also when __USE_POSIX.

	* stdio-common/bug7.c: Use tmpnam to generate names for test files.

	* stdio-common/tmpnam.c: Update copyright.
	* stdio-common/tmpnam_r.c: Likewise.

	* sysdeps/unix/sysv/linux/alpha/sys/kernel_termios.h: Protect
	against multiple inclusion.  Include <termbits.h>.
	* sysdeps/unix/sysv/linux/sys/kernel_termios.h: Likewise.

	* sysdeps/unix/sysv/linux/net/if.h: Update according to recent
	kernel headers.  Patch by Philip Blundell <pjb27@cam.ac.uk>.

Thu Jan 23 17:42:00 1997  Ulrich Drepper  <drepper@cygnus.com>

	* sysdeps/unix/sysv/linux/sparc/clone.S: Correct author attribution.

	* sysdeps/unix/sysv/linux/net/if_arp (MAX_ADDR_LEN): Add definition.

Thu Jan 23 14:20:34 1997  Ulrich Drepper  <drepper@cygnus.com>

	* time/tzfile.c (__tzfile_read): Don't allow arbitrary files to be
	read when running a setuid program.
Diffstat (limited to 'time/tzfile.c')
-rw-r--r--time/tzfile.c14
1 files changed, 13 insertions, 1 deletions
diff --git a/time/tzfile.c b/time/tzfile.c
index 761ddc9539..ed7b0932f3 100644
--- a/time/tzfile.c
+++ b/time/tzfile.c
@@ -21,6 +21,7 @@
 #include <time.h>
 #include <string.h>
 #include <limits.h>
+#include <unistd.h>
 
 #define	NOID
 #include <tzfile.h>
@@ -79,6 +80,7 @@ decode (const void *ptr)
 void
 __tzfile_read (const char *file)
 {
+  static const char default_tzdir[] = TZDIR;
   size_t num_isstd, num_isgmt;
   register FILE *f;
   struct tzhead tzhead;
@@ -111,9 +113,19 @@ __tzfile_read (const char *file)
     /* User specified the empty string; use UTC explicitly.  */
     file = "Universal";
 
+  /* We must not allow to read an arbitrary file in a setuid program.
+     So we fail for any file which is not in the directory hierachy
+     starting at TZDIR.  */
+  if (__libc_enable_secure
+      && ((*file == '/'
+	   && memcmp (file, default_tzdir, sizeof (default_tzdir) - 1) != 0)
+	  || strstr (file, "../") != NULL))
+    /* This test a certainly a bit too restrictive but it should catch all
+       critical case.  */
+    return;
+
   if (*file != '/')
     {
-      static const char default_tzdir[] = TZDIR;
       const char *tzdir;
       unsigned int len, tzdir_len;
       char *new;