[gnome-settings-daemon] datetime: Actually check for the timezone filename

From: Bastien Nocera <hadess src gnome org>
To: commits-list gnome org
Cc:
Subject: [gnome-settings-daemon] datetime: Actually check for the timezone filename
Date: Wed, 8 Dec 2010 14:31:41 +0000 (UTC)

commit f10777310f972b232693a5d9717aca3405cbf5eb
Author: Bastien Nocera <hadess hadess net>
Date:   Wed Dec 8 14:29:16 2010 +0000

    datetime: Actually check for the timezone filename
    
    We really shouldn't allow relative paths as a timezone name, otherwise
    one could copy just about any file to /etc/localtime if the policy
    allowed them to set the name.

 plugins/datetime/gsd-datetime-mechanism.c |   33 +++++++++++++++++++++++++++++
 1 files changed, 33 insertions(+), 0 deletions(-)
---
diff --git a/plugins/datetime/gsd-datetime-mechanism.c b/plugins/datetime/gsd-datetime-mechanism.c
index 1f1899d..e719354 100644
--- a/plugins/datetime/gsd-datetime-mechanism.c
+++ b/plugins/datetime/gsd-datetime-mechanism.c
@@ -428,6 +428,36 @@ gsd_datetime_mechanism_adjust_time (GsdDatetimeMechanism  *mechanism,
         return _set_time (mechanism, &tv, context);        
 }
 
+static gboolean
+gsd_datetime_check_tz_name (const char *tz,
+			    GError    **error)
+{
+	GFile *file;
+	char *tz_path, *actual_path;
+	gboolean retval;
+
+	retval = TRUE;
+	tz_path = g_build_filename (SYSTEM_ZONEINFODIR, tz, NULL);
+
+	/* Get the actual resolved path */
+	file = g_file_new_for_path (tz);
+	actual_path = g_file_get_path (file);
+	g_object_unref (file);
+
+	/* The tz name passed had relative paths in it */
+	if (g_strcmp0 (tz_path, actual_path) != 0) {
+                g_set_error (error, GSD_DATETIME_MECHANISM_ERROR,
+                             GSD_DATETIME_MECHANISM_ERROR_INVALID_TIMEZONE_FILE,
+                             "Timezone file '%s' was invalid.",
+                             tz);
+		retval = FALSE;
+	}
+
+	g_free (tz_path);
+	g_free (actual_path);
+
+	return retval;
+}
 
 gboolean
 gsd_datetime_mechanism_set_timezone (GsdDatetimeMechanism  *mechanism,
@@ -444,6 +474,9 @@ gsd_datetime_mechanism_set_timezone (GsdDatetimeMechanism  *mechanism,
 
         error = NULL;
 
+        if (!gsd_datetime_check_tz_name (tz, &error))
+                return FALSE;
+
         if (!system_timezone_set (tz, &error)) {
                 GError *error2;
                 int     code;

[Date Prev][Date Next] [Thread Prev][Thread Next] [Thread Index] [Date Index] [Author Index]