git: 3e2e5eebfaa0 - main - tzcode: Remove access() again, cf. 02ba1d993fa9.

Sat, 14 Jan 2023 09:20:09 -0800 

The branch main has been updated by des:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=3e2e5eebfaa0aebb2790bbde7f35d4c6c52e2596

commit 3e2e5eebfaa0aebb2790bbde7f35d4c6c52e2596
Author:     Dag-Erling Smørgrav <[email protected]>
AuthorDate: 2023-01-13 14:54:21 +0000
Commit:     Dag-Erling Smørgrav <[email protected]>
CommitDate: 2023-01-14 17:16:17 +0000

    tzcode: Remove access() again, cf. 02ba1d993fa9.
    
    Reported by:    Coverity (CID 1250126)
    MFC after:      1 week
    Sponsored by:   Klara, Inc.
    Differential Revision: https://reviews.freebsd.org/D38035
---
 contrib/tzcode/localtime.c | 23 +----------------------
 1 file changed, 1 insertion(+), 22 deletions(-)

diff --git a/contrib/tzcode/localtime.c b/contrib/tzcode/localtime.c
index 2dbab26509d3..30ae18a965e8 100644
--- a/contrib/tzcode/localtime.c
+++ b/contrib/tzcode/localtime.c
@@ -468,7 +468,6 @@ tzloadbody(char const *name, struct state *sp, bool 
doextend,
        register int                    fid;
        register int                    stored;
        register ssize_t                nread;
-       register bool doaccess;
        register union input_buffer *up = &lsp->u.u;
        register int tzheadsize = sizeof(struct tzhead);
 
@@ -482,15 +481,7 @@ tzloadbody(char const *name, struct state *sp, bool 
doextend,
 
        if (name[0] == ':')
                ++name;
-#ifdef SUPPRESS_TZDIR
-       /* Do not prepend TZDIR.  This is intended for specialized
-          applications only, due to its security implications.  */
-       doaccess = true;
-#else
-       doaccess = name[0] == '/';
-#endif
-       if (!doaccess) {
-               char const *dot;
+       if (name[0] != '/') {
                if (sizeof lsp->fullname - sizeof tzdirslash <= strlen(name))
                  return ENAMETOOLONG;
 
@@ -500,20 +491,8 @@ tzloadbody(char const *name, struct state *sp, bool 
doextend,
                memcpy(lsp->fullname, tzdirslash, sizeof tzdirslash);
                strcpy(lsp->fullname + sizeof tzdirslash, name);
 
-               /* Set doaccess if NAME contains a ".." file name
-                  component, as such a name could read a file outside
-                  the TZDIR virtual subtree.  */
-               for (dot = name; (dot = strchr(dot, '.')); dot++)
-                 if ((dot == name || dot[-1] == '/') && dot[1] == '.'
-                     && (dot[2] == '/' || !dot[2])) {
-                   doaccess = true;
-                   break;
-                 }
-
                name = lsp->fullname;
        }
-       if (doaccess && access(name, R_OK) != 0)
-         return errno;
        if (doextend) {
                /*
                 * Detect if the timezone file has changed.  Check

Reply via email to