File tree Expand file tree Collapse file tree 1 file changed +7
-0
lines changed Expand file tree Collapse file tree 1 file changed +7
-0
lines changed Original file line number Diff line number Diff line change @@ -189,12 +189,19 @@ impl Tzif {
189189
190190 #[ cfg( target_family = "unix" ) ]
191191 pub fn read_tzif ( identifier : & str ) -> TemporalResult < Self > {
192+ // Protect from path traversal attacks
193+ if ( identifier. starts_with ( '/' ) || identifier. contains ( '.' ) ) {
194+ return Err ( TemporalError :: range ( "Ill-formed timezone identifier" ) ) ;
195+ }
192196 let mut path = PathBuf :: from ( ZONEINFO_DIR ) ;
193197 path. push ( identifier) ;
194198 Self :: from_path ( & path)
195199 }
196200
197201 pub fn from_path ( path : & Path ) -> TemporalResult < Self > {
202+ if !path. exists ( ) {
203+ return Err ( TemporalError :: range ( "Unknown timezone identifier" ) ) ;
204+ }
198205 tzif:: parse_tzif_file ( path)
199206 . map ( Into :: into)
200207 . map_err ( |e| TemporalError :: general ( e. to_string ( ) ) )
You can’t perform that action at this time.
0 commit comments