From: Christian Kastner Date: Mon Dec 21 22:54:04 CET 2015 Subject: crontab entry parsing fixes Handle various entry parsing bugs: * Steve Greenland noticed that whitespace between @symbolic names and commands weren't all being skipped * Steve Greenland noticed that get_number() did not detect invalid number specifications early enough * Steve Greenland discovered that invalid step sizes weren't being detected * Justin T. Pryzby discovered that steps without a range (an invalid specification) weren't detected Bug-Debian: https://bugs.debian.org/62141 Bug-Debian: https://bugs.debian.org/84727 Bug-Debian: https://bugs.debian.org/183650 Bug-Debian: https://bugs.debian.org/733478 Forwarded: no Last-Update: 2015-12-21 Index: cron/entry.c =================================================================== --- cron.orig/entry.c +++ cron/entry.c @@ -226,6 +226,9 @@ load_entry(file, error_func, pw, envp) bit_set(e->dow, 7); } + /* If we used one of the @commands, we may be pointing at + blanks, and if we don't skip over them, we'll miss the user/command */ + Skip_Blanks(ch, file); /* ch is the first character of a command, or a username */ unget_char(ch, file); @@ -428,6 +431,13 @@ get_range(bits, low, high, names, ch, fi if (ch != '-') { /* not a range, it's a single number. */ + + /* Unsupported syntax: Step specified without range, + eg: 1/20 * * * * /bin/echo "this fails" + */ + if (ch == '/') + return EOF; + if (EOF == set_element(bits, low, high, num1)) return EOF; return ch; @@ -461,7 +471,7 @@ get_range(bits, low, high, names, ch, fi * sent as a 0 since there is no offset either. */ ch = get_number(&num3, 0, PPC_NULL, ch, file); - if (ch == EOF) + if (ch == EOF || num3 <= 0) return EOF; } else { /* no step. default==1. @@ -511,6 +521,10 @@ get_number(numptr, low, names, ch, file) } *pc = '\0'; + if (len == 0) { + return EOF; + } + /* try to find the name in the name list */ if (names) {