From: deraadt <deraadt@openbsd.org>
Date: Wed, 2 Apr 1997 03:57:30 +0000 (+0000)
Subject: correctly code the classes of permitted TZ specifications for the
X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=80f2a0558387ea28e4c170c6b13e17cdff2d7516;p=openbsd

correctly code the classes of permitted TZ specifications for the
issetugid() case. thanks bitblt and tholo
---

diff --git a/lib/libc/time/localtime.c b/lib/libc/time/localtime.c
index 5546e0e3c74..00132616c1e 100644
--- a/lib/libc/time/localtime.c
+++ b/lib/libc/time/localtime.c
@@ -7,7 +7,7 @@
 #if 0
 static char	elsieid[] = "@(#)localtime.c	7.59";
 #else
-static char rcsid[] = "$OpenBSD: localtime.c,v 1.9 1997/01/21 04:52:44 millert Exp $";
+static char rcsid[] = "$OpenBSD: localtime.c,v 1.10 1997/04/02 03:57:30 deraadt Exp $";
 #endif
 #endif /* LIBC_SCCS and not lint */
 
@@ -275,6 +275,10 @@ register struct state * const	sp;
 	register int		i;
 	register int		fid;
 
+	if (name != NULL && issetugid() != 0)
+		if ((name[0] == ':' && name[1] == '/') || 
+		    name[0] == '/' || strchr(name, '.'))
+			name = NULL;
 	if (name == NULL && (name = TZDEFAULT) == NULL)
 		return -1;
 	{
@@ -291,7 +295,7 @@ register struct state * const	sp;
 		if (name[0] == ':')
 			++name;
 		doaccess = name[0] == '/';
-		if (!doaccess && issetugid() == 0) {
+		if (!doaccess) {
 			if ((p = TZDIR) == NULL)
 				return -1;
 			if ((strlen(p) + strlen(name) + 1) >= sizeof fullname)