From 76c09bf3d420093d26af7da15e9e16754d8a10a2 Mon Sep 17 00:00:00 2001
From: Robert Hensing <robert@roberthensing.nl>
Date: Thu, 11 Dec 2025 15:52:34 +0100
Subject: [PATCH] Fix nix-build.cc double getenv("TZ") race condition

This is mostly theoretical, but the code was calling getenv("TZ")
twice: once to check if it's non-null, and again to get its value.
This creates a potential race condition where the environment could
change between calls.
---
 src/nix/nix-build/nix-build.cc | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/nix/nix-build/nix-build.cc b/src/nix/nix-build/nix-build.cc
index a21d1a565..53dc46eaa 100644
--- a/src/nix/nix-build/nix-build.cc
+++ b/src/nix/nix-build/nix-build.cc
@@ -613,6 +613,8 @@ static void main_nix_build(int argc, char ** argv)
            environment variables and shell functions.  Also don't
            lose the current $PATH directories. */
         auto rcfile = (tmpDir.path() / "rc").string();
+        auto tz = getEnv("TZ");
+        auto tzExport = tz ? "export TZ=" + escapeShellArgAlways(*tz) + "; " : "";
         std::string rc = fmt(
                 (R"(_nix_shell_clean_tmpdir() { command rm -rf %1%; };)"s
                   "trap _nix_shell_clean_tmpdir EXIT; "
@@ -646,7 +648,7 @@ static void main_nix_build(int argc, char ** argv)
                 (pure ? "" : "PATH=$PATH:$p; unset p; "),
                 escapeShellArgAlways(dirOf(*shell)),
                 escapeShellArgAlways(*shell),
-                (getenv("TZ") ? (std::string("export TZ=") + escapeShellArgAlways(getenv("TZ")) + "; ") : ""),
+                tzExport,
                 envCommand);
         vomit("Sourcing nix-shell with file %s and contents:\n%s", rcfile, rc);
         writeFile(rcfile, rc);