On multithreaded platforms, tzset could leak a file descriptor into a forked or execed process. Fix the leak. While we’re at it, don’t let the TZif file become the controlling tty. * NEWS: Mention this. * localtime.c (O_CLOEXEC, O_CLOFORK, O_IGNORE_CTTY, O_NOCTTY): Default to 0. (tzloadbody): Use these flags when opening the TZif file. --- NEWS | 5 +++++ localtime.c | 22 +++++++++++++++++----- 2 files changed, 22 insertions(+), 5 deletions(-) diff --git a/NEWS b/NEWS index 79686147..2fc7bb19 100644 --- a/NEWS +++ b/NEWS @@ -56,6 +56,11 @@ Unreleased, experimental changes PTRDIFF_MAX, a limit forced by C anyway; formerly tzcode silently misbehaved unless TZNAME_MAXIMUM was less than INT_MAX. + tzset and related functions no longer leak a file descriptor if + another thread forks or execs at about the same time and if the + platform has O_CLOFORK and O_CLOEXEC respectively. Also, the + functions no longer let a TZif file become a controlling terminal. + Changes to documentation The name Etc/Unknown is now reserved: it will not be used by TZDB. diff --git a/localtime.c b/localtime.c index 492965d9..f92676c6 100644 --- a/localtime.c +++ b/localtime.c @@ -96,12 +96,23 @@ typedef intmax_t timex_t; # define TZ_ABBR_ERR_CHAR '_' #endif /* !defined TZ_ABBR_ERR_CHAR */ -/* -** Support non-POSIX platforms that distinguish between text and binary files. -*/ +/* Port to platforms that lack some O_* flags. Unless otherwise + specified, the flags are standardized by POSIX. */ #ifndef O_BINARY -# define O_BINARY 0 +# define O_BINARY 0 /* MS-Windows */ +#endif +#ifndef O_CLOEXEC +# define O_CLOEXEC 0 +#endif +#ifndef O_CLOFORK +# define O_CLOFORK 0 +#endif +#ifndef O_IGNORE_CTTY +# define O_IGNORE_CTTY 0 /* GNU/Hurd */ +#endif +#ifndef O_NOCTTY +# define O_NOCTTY 0 #endif #ifndef WILDABBR @@ -542,7 +553,8 @@ tzloadbody(char const *name, struct state *sp, bool doextend, } if (doaccess && access(name, R_OK) != 0) return errno; - fid = open(name, O_RDONLY | O_BINARY); + fid = open(name, (O_RDONLY | O_BINARY | O_CLOEXEC | O_CLOFORK + | O_IGNORE_CTTY | O_NOCTTY)); if (fid < 0) return errno; -- 2.47.0