[tz] zic tweak to warn about non-ASCII in filenames
Paul Eggert
eggert at cs.ucla.edu
Fri Jun 27 06:41:00 UTC 2014
Tim Parenti wrote:
> Disallowing "." alongside ".."
> effectively requires that all paths be explicit, which allows the
> "duplicate zone name" error to handle the rest.
Thanks, I installed the attached patch to disallow those components.
-------------- next part --------------
From 2c780353d2c6f0a96104dfaaeebeda80586b3852 Mon Sep 17 00:00:00 2001
From: Paul Eggert <eggert at cs.ucla.edu>
Date: Thu, 26 Jun 2014 23:37:51 -0700
Subject: [PATCH] 'zic' now rejects output file names with '.' or '..'
components.
* zic.8, NEWS: Say that "." and ".." file name
components are not allowed in output file names.
* zic.c (componentcheck, namecheck): Do not allow such
file name components.
---
NEWS | 3 +++
zic.8 | 15 ++++++++++++---
zic.c | 13 ++++++++++---
3 files changed, 25 insertions(+), 6 deletions(-)
diff --git a/NEWS b/NEWS
index d0cbd42..fd9d2d9 100644
--- a/NEWS
+++ b/NEWS
@@ -19,6 +19,9 @@ Unreleased, experimental changes
Error diagnostics of 'zic' and 'yearistype' have been reworded so that
they no longer use ASCII '-' as if it were a dash.
+ 'zic' now rejects output file names that contain '.' or '..' components.
+ (Thanks to Tim Parenti for reporting the problem.)
+
'zic -v' now warns about output file names that do not follow
POSIX rules, or that contain a digit or '.'. (Thanks to Arthur
David Olson for starting the ball rolling on this.)
diff --git a/zic.8 b/zic.8
index 2a1d29e..5178f34 100644
--- a/zic.8
+++ b/zic.8
@@ -339,6 +339,12 @@ The fields that make up a zone line are:
The name of the time zone.
This is the name used in creating the time conversion information file for the
zone.
+It should not contain a file name component
+.q ".\&"
+or
+.q ".." ;
+a file name component is a maximal substring that does not contain
+.q "/" .
.TP
.B GMTOFF
The amount of time to add to UT to get standard time in this zone.
@@ -408,10 +414,13 @@ The
.B LINK-FROM
field should appear as the
.B NAME
-field in some zone line;
-the
+field in some zone line.
+The
.B LINK-TO
-field is used as an alternate name for that zone.
+field is used as an alternate name for that zone;
+it has the same syntax as a zone line's
+.B NAME
+field.
.PP
Except for continuation lines,
lines may appear in any order in the input.
diff --git a/zic.c b/zic.c
index f18dba7..4fe0d97 100644
--- a/zic.c
+++ b/zic.c
@@ -615,6 +615,15 @@ componentcheck(char const *name, char const *component,
{
enum { component_len_max = 14 };
size_t component_len = component_end - component;
+ if (0 < component_len && component_len <= 2
+ && component[0] == '.' && component_end[-1] == '.') {
+ fprintf(stderr, _("%s: file name '%s' contains"
+ " '%.*s' component"),
+ progname, name, (int) component_len, component);
+ exit(EXIT_FAILURE);
+ }
+ if (!noise)
+ return;
if (0 < component_len && component[0] == '-')
warning(_("file name '%s' component contains leading '-'"),
name);
@@ -641,11 +650,9 @@ namecheck(const char *name)
" !\"#$%&'()*+,.0123456789:;<=>?@[\\]^`{|}~";
register char const *component = name;
- if (!noise)
- return;
for (cp = name; *cp; cp++) {
unsigned char c = *cp;
- if (!strchr(benign, c)) {
+ if (noise && !strchr(benign, c)) {
warning((strchr(printable_and_not_benign, c)
? _("file name '%s' contains byte '%c'")
: _("file name '%s' contains byte '\\%o'")),
--
1.9.1
More information about the tz
mailing list