perform minimal sanity checks on zoneinfo files loaded via TZ variable

previously, setting TZ to the pathname of a file which was not a valid
zoneinfo file would usually cause programs using local time zone based
operations to crash. the new code checks the file size and magic at
the beginning of the file, which seems sufficient to prevent
accidental misconfiguration from causing crashes. attempting to make
fully-robust validation would be futile unless we wanted to drop use
of mmap (shared zoneinfo) and instead read it into a local buffer,
since such validation would be subject to race conditions with
modification of the file.

(cherry picked from commit c3d9d172b1fcd56c4d356798f4e3b4653076bcc3)

diff --git a/src/time/__tz.c b/src/time/__tz.c
index 9d56a618f2d58c7084c26096bc04b05280210866..f56ef3053d09f762d9a7d76e32adb30f1e65dd82 100644 (file)
--- a/src/time/__tz.c
+++ b/src/time/__tz.c
@@ -171,6 +171,11 @@ static void do_tzset()
                        }
                }
        }
+       if (map && (map_size < 44 || memcmp(map, "TZif", 4))) {
+               __munmap((void *)map, map_size);
+               map = 0;
+               s = __gmt;
+       }
 
        zi = map;
        if (map) {