tzset_unlocked() calls zoneinit() with TZLOAD_STRINGS | TZLOAD_FROMENV regardless of whether name actually came from the environment. If name is null, zoneinit() will use TZDEFAULT instead, but will incorrectly consider that to be tainted, and unnecessarily perform an access check before trying to open it. That is luckily harmless in unmodified tzcode, but I would still prefer if TZLOAD_FROMENV were only set when actually true; see attached patch.
DES -- Dag-Erling Smørgrav - [email protected]
>From 9fb66a1bc16c7a4b652880335fd54d3db799091c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Dag-Erling=20Sm=C3=B8rgrav?= <[email protected]> Date: Fri, 29 Aug 2025 17:16:26 +0200 Subject: [PATCH 1/1] tzset: Only set FROMENV flag if the name came the environment --- localtime.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/localtime.c b/localtime.c index 96737ca6..e1d8317b 100644 --- a/localtime.c +++ b/localtime.c @@ -1472,6 +1472,7 @@ static void tzset_unlocked(void) { char const *name = getenv("TZ"); + int tzloadflags = TZLOAD_TZSTRING | (name ? TZLOAD_FROMENV : 0); struct state *sp = lclptr; int lcl = name ? strlen(name) < sizeof lcl_TZname : -1; if (lcl < 0 @@ -1483,7 +1484,7 @@ tzset_unlocked(void) lclptr = sp = malloc(sizeof *lclptr); # endif if (sp) { - if (zoneinit(sp, name, TZLOAD_FROMENV | TZLOAD_TZSTRING) != 0) { + if (zoneinit(sp, name, tzloadflags) != 0) { zoneinit(sp, "", 0); strcpy(sp->chars, UNSPEC); } -- 2.50.1
