From: Rich Felker Date: Wed, 23 Apr 2014 00:09:56 +0000 (-0400) Subject: perform minimal sanity checks on zoneinfo files loaded via TZ variable X-Git-Tag: v1.1.1~13 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=c3d9d172b1fcd56c4d356798f4e3b4653076bcc3;p=oweals%2Fmusl.git perform minimal sanity checks on zoneinfo files loaded via TZ variable previously, setting TZ to the pathname of a file which was not a valid zoneinfo file would usually cause programs using local time zone based operations to crash. the new code checks the file size and magic at the beginning of the file, which seems sufficient to prevent accidental misconfiguration from causing crashes. attempting to make fully-robust validation would be futile unless we wanted to drop use of mmap (shared zoneinfo) and instead read it into a local buffer, since such validation would be subject to race conditions with modification of the file. --- diff --git a/src/time/__tz.c b/src/time/__tz.c index 93d59e8d..6d7173cf 100644 --- a/src/time/__tz.c +++ b/src/time/__tz.c @@ -168,6 +168,11 @@ static void do_tzset() } if (!map) s = __gmt; } + if (map && (map_size < 44 || memcmp(map, "TZif", 4))) { + __munmap((void *)map, map_size); + map = 0; + s = __gmt; + } zi = map; if (map) {