summaryrefslogtreecommitdiff
path: root/lib/libc
diff options
context:
space:
mode:
authorTheo de Raadt <deraadt@cvs.openbsd.org>1998-07-11 23:17:21 +0000
committerTheo de Raadt <deraadt@cvs.openbsd.org>1998-07-11 23:17:21 +0000
commit1aaa13d308b09424f78910b7543724848d9cacbd (patch)
tree7275e3ad7746e702c8fd8e3f60af7303a7a46cb8 /lib/libc
parent6e2cb08a0c7b8530eaa28bca285ffe9da794545a (diff)
be... slightly more permissive.. but i think this is right, i looked at it for 5 minutes
Diffstat (limited to 'lib/libc')
-rw-r--r--lib/libc/time/localtime.c8
1 files changed, 4 insertions, 4 deletions
diff --git a/lib/libc/time/localtime.c b/lib/libc/time/localtime.c
index a3b0b10ba61..e8154d297ba 100644
--- a/lib/libc/time/localtime.c
+++ b/lib/libc/time/localtime.c
@@ -5,7 +5,7 @@
#if defined(LIBC_SCCS) && !defined(lint) && !defined(NOID)
static char elsieid[] = "@(#)localtime.c 7.64";
-static char rcsid[] = "$OpenBSD: localtime.c,v 1.12 1998/07/11 23:08:53 deraadt Exp $";
+static char rcsid[] = "$OpenBSD: localtime.c,v 1.13 1998/07/11 23:17:20 deraadt Exp $";
#endif /* LIBC_SCCS and not lint */
/*
@@ -277,7 +277,7 @@ register struct state * const sp;
register int fid;
if (name != NULL && issetugid() != 0)
- if ((name[0] == ':') ||
+ if ((name[0] == ':' && (strchr(name, '/') || strstr(name, ".."))) ||
name[0] == '/' || strchr(name, '.'))
name = NULL;
if (name == NULL && (name = TZDEFAULT) == NULL)
@@ -291,7 +291,7 @@ register struct state * const sp;
** to hold the longest file name string that the implementation
** guarantees can be opened."
*/
- char fullname[FILENAME_MAX + 1];
+ char fullname[FILENAME_MAX];
if (name[0] == ':')
++name;
@@ -299,7 +299,7 @@ register struct state * const sp;
if (!doaccess) {
if ((p = TZDIR) == NULL)
return -1;
- if ((strlen(p) + strlen(name) + 1) >= sizeof fullname)
+ if ((strlen(p) + 1 + strlen(name)) >= sizeof fullname)
return -1;
(void) strcpy(fullname, p);
(void) strcat(fullname, "/");