tzcode: Fix issues when TZ is an absolute path

* If TZ starts with TZDIR, strip any additional slashes so relname
  does not end up looking like an absolute path.  For instance,
  TZ=/usr/share/zoneinfo//UTC should result in UTC, not /UTC.

* In the setugid case, we were incorrectly passing name rather than
  relname to fstatat().

* Modify the tz_env and tz_env_setugid test cases to exercise both
  of these scenarios.

* Also add test cases for invalid values of TZ, which I wrote
  earlier but forgot to include in a5f14e4f90.

Reported by:	Paul Eggert <eggert@cs.ucla.edu>
MFC after:	3 days
Fixes:		967a49a21a ("Update tzcode to 2025b")
Fixes:		a5f14e4f90 ("tzcode: Use -00 only for invalid time zones")
Reviewed by:	philip
Differential Revision:	https://reviews.freebsd.org/D52753
This commit is contained in:
Dag-Erling Smørgrav
2025-09-27 19:07:04 +02:00
parent d58339f398
commit df8bc705eb
3 changed files with 84 additions and 9 deletions
+1 -1
View File
@@ -51,7 +51,7 @@
#include "un-namespace.h"
#include "../stdlib/atexit.h"
#include "tzdir.h" /* from ../../../contrib/tzcode/stdtime */
#include "tzdir.h" /* from ../../../contrib/tzcode */
#include "libc_private.h"
#define _PATH_ZONEINFO TZDIR /* from tzfile.h */
+1
View File
@@ -3,6 +3,7 @@
ATF_TESTS_C+= strptime_test
ATF_TESTS_C+= detect_tz_changes_test
CFLAGS.detect_tz_changes_test+= -I${SRCTOP}/contrib/tzcode
.if ${MK_DETECT_TZ_CHANGES} != "no"
CFLAGS.detect_tz_changes_test+= -DDETECT_TZ_CHANGES
.endif
@@ -20,6 +20,8 @@
#include <time.h>
#include <unistd.h>
#include "tzdir.h"
#include <atf-c.h>
static const struct tzcase {
@@ -62,9 +64,9 @@ debug(const char *fmt, ...)
static void
change_tz(const char *tzn)
{
static const char *zfn = "/usr/share/zoneinfo";
static const char *tfn = "root/etc/.localtime";
static const char *dfn = "root/etc/localtime";
static const char *zfn = TZDIR;
static const char *tfn = "root" TZDEFAULT ".tmp";
static const char *dfn = "root" TZDEFAULT;
ssize_t clen;
int zfd, sfd, dfd;
@@ -96,6 +98,50 @@ test_tz(const char *expect)
ATF_CHECK_STREQ(expect, buf);
}
ATF_TC(tz_default);
ATF_TC_HEAD(tz_default, tc)
{
atf_tc_set_md_var(tc, "descr", "Test default zone");
atf_tc_set_md_var(tc, "require.user", "root");
}
ATF_TC_BODY(tz_default, tc)
{
/* prepare chroot with no /etc/localtime */
ATF_REQUIRE_EQ(0, mkdir("root", 0755));
ATF_REQUIRE_EQ(0, mkdir("root/etc", 0755));
/* enter chroot */
ATF_REQUIRE_EQ(0, chroot("root"));
ATF_REQUIRE_EQ(0, chdir("/"));
/* check timezone */
unsetenv("TZ");
test_tz("+0000 (UTC)");
}
ATF_TC(tz_invalid_file);
ATF_TC_HEAD(tz_invalid_file, tc)
{
atf_tc_set_md_var(tc, "descr", "Test invalid zone file");
atf_tc_set_md_var(tc, "require.user", "root");
}
ATF_TC_BODY(tz_invalid_file, tc)
{
static const char *dfn = "root/etc/localtime";
int fd;
/* prepare chroot with bogus /etc/localtime */
ATF_REQUIRE_EQ(0, mkdir("root", 0755));
ATF_REQUIRE_EQ(0, mkdir("root/etc", 0755));
ATF_REQUIRE((fd = open(dfn, O_RDWR | O_CREAT, 0644)) >= 0);
ATF_REQUIRE_EQ(8, write(fd, "invalid\n", 8));
ATF_REQUIRE_EQ(0, close(fd));
/* enter chroot */
ATF_REQUIRE_EQ(0, chroot("root"));
ATF_REQUIRE_EQ(0, chdir("/"));
/* check timezone */
unsetenv("TZ");
test_tz("+0000 (-00)");
}
ATF_TC(thin_jail);
ATF_TC_HEAD(thin_jail, tc)
{
@@ -327,10 +373,38 @@ ATF_TC_HEAD(tz_env, tc)
}
ATF_TC_BODY(tz_env, tc)
{
const struct tzcase *tzcase;
char path[MAXPATHLEN];
const struct tzcase *tzcase = tzcases;
int len;
/* relative path */
for (tzcase = tzcases; tzcase->tzfn != NULL; tzcase++)
test_tz_env(tzcase->tzfn, tzcase->expect);
/* absolute path */
for (tzcase = tzcases; tzcase->tzfn != NULL; tzcase++) {
len = snprintf(path, sizeof(path), "%s/%s", TZDIR, tzcase->tzfn);
ATF_REQUIRE(len > 0 && (size_t)len < sizeof(path));
test_tz_env(path, tzcase->expect);
}
/* absolute path with additional slashes */
for (tzcase = tzcases; tzcase->tzfn != NULL; tzcase++) {
len = snprintf(path, sizeof(path), "%s/////%s", TZDIR, tzcase->tzfn);
ATF_REQUIRE(len > 0 && (size_t)len < sizeof(path));
test_tz_env(path, tzcase->expect);
}
}
ATF_TC(tz_invalid_env);
ATF_TC_HEAD(tz_invalid_env, tc)
{
atf_tc_set_md_var(tc, "descr", "Test invalid TZ value");
atf_tc_set_md_var(tc, "require.user", "root");
}
ATF_TC_BODY(tz_invalid_env, tc)
{
test_tz_env("invalid", "+0000 (-00)");
test_tz_env(":invalid", "+0000 (-00)");
}
ATF_TC(setugid);
@@ -367,23 +441,23 @@ ATF_TC_HEAD(tz_env_setugid, tc)
}
ATF_TC_BODY(tz_env_setugid, tc)
{
const struct tzcase *tzcase = tzcases;
ATF_REQUIRE_EQ(0, seteuid(UID_NOBODY));
ATF_REQUIRE(issetugid());
for (tzcase = tzcases; tzcase->tzfn != NULL; tzcase++)
test_tz_env(tzcase->tzfn, tzcase->expect);
ATF_TC_BODY_NAME(tz_env)(tc);
}
ATF_TP_ADD_TCS(tp)
{
debugging = !getenv("__RUNNING_INSIDE_ATF_RUN") &&
isatty(STDERR_FILENO);
ATF_TP_ADD_TC(tp, tz_default);
ATF_TP_ADD_TC(tp, tz_invalid_file);
ATF_TP_ADD_TC(tp, thin_jail);
#ifdef DETECT_TZ_CHANGES
ATF_TP_ADD_TC(tp, detect_tz_changes);
#endif /* DETECT_TZ_CHANGES */
ATF_TP_ADD_TC(tp, tz_env);
ATF_TP_ADD_TC(tp, tz_invalid_env);
ATF_TP_ADD_TC(tp, setugid);
ATF_TP_ADD_TC(tp, tz_env_setugid);
return (atf_no_error());