File: protect-list.patch

cron 3.0pl1-162
  • area: main
  • in suites: bookworm
  • size: 3,204 kB
  • sloc: ansic: 47,007; perl: 733; makefile: 429; sh: 425; python: 36
Manage characters \r and \b in a special way, since one could use
them to obfuscate a crontab. This patch should close #585552.

A test has been designed for autopkgtest: 
file debian/tests/check-listings-protection
Index: cron/crontab.c
===================================================================
--- cron.orig/crontab.c
+++ cron/crontab.c
@@ -313,6 +313,8 @@ list_cmd() {
 	}
 
 	/* file is open. copy to stdout, close.
+	   only exceptions: \b and \r which might be used to obfuscate
+	   a listing.
 	 */
 	Set_LineNum(1)
 
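Review bot: The added comment lines ("only exceptions: \b and \r which might be used to obfuscate a listing") name the exceptions but do not say what is done with them. Say that they are written out as the two-character sequences \b and \r instead of being copied, so the comment matches the switch added to the copy loop later in list_cmd().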
@@ -343,7 +345,14 @@ list_cmd() {
 	}
 
 	while (EOF != (ch = get_char(f)))
-		putchar(ch);
+	  switch (ch) {
+	  case '\b':
+	    putchar('\\'); putchar('b'); break;
+	  case '\r':
+	    putchar('\\'); putchar('r'); break;
+	  default:
+	    putchar(ch);
+	  }
 	fclose(f);
 }
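Review bot: The new switch in the copy loop handles only '\b' and '\r', so every other control character still reaches the terminal unchanged through `default: putchar(ch);`. If the goal is a listing that cannot be visually altered, consider escaping all non-printable bytes other than '\n' and '\t' (for instance with an iscntrl() test) rather than listing two cases. Separately, a backslash already present in the crontab is not escaped, so a literal backslash followed by "b" in the file prints the same as an escaped backspace. The reader cannot tell the two apart, and output saved from the listing no longer reproduces the original file. Either escape '\\' as well or document that the listing is for display only. Minor: the added lines are indented with spaces where the surrounding code uses tabs, and the `default` case has no `break`.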