path: root/src/time
diff options
authorRich Felker <>2014-04-22 20:09:56 -0400
committerRich Felker <>2014-05-20 17:58:24 -0400
commitc7776e708e796587f8e264bd51a7ffe74422c26b (patch)
tree338365020eac43fac12d26bcaaaee0bc259e8fcb /src/time
parente65bb40b30d4422f2d6ac2e1ae542e7879ddc13f (diff)
perform minimal sanity checks on zoneinfo files loaded via TZ variable
previously, setting TZ to the pathname of a file which was not a valid zoneinfo file would usually cause programs using local time zone based operations to crash. the new code checks the file size and magic at the beginning of the file, which seems sufficient to prevent accidental misconfiguration from causing crashes. attempting to make fully-robust validation would be futile unless we wanted to drop use of mmap (shared zoneinfo) and instead read it into a local buffer, since such validation would be subject to race conditions with modification of the file. (cherry picked from commit c3d9d172b1fcd56c4d356798f4e3b4653076bcc3)
Diffstat (limited to 'src/time')
1 files changed, 5 insertions, 0 deletions
diff --git a/src/time/__tz.c b/src/time/__tz.c
index 9d56a618..f56ef305 100644
--- a/src/time/__tz.c
+++ b/src/time/__tz.c
@@ -171,6 +171,11 @@ static void do_tzset()
+ if (map && (map_size < 44 || memcmp(map, "TZif", 4))) {
+ __munmap((void *)map, map_size);
+ map = 0;
+ s = __gmt;
+ }
zi = map;
if (map) {