1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
From: Georges Khaznadar <georgesk@debian.org>
Date: Wed, 11 Oct 2023 11:43:22 +0200
Subject: protect-list
manage characters \r and \b in a special way, since one could use
them to obfuscate a crontab. This patch should close #585552
A test has been designed for autopkgtest:
file debian/tests/check-listings-protection
---
crontab.c | 11 ++++++++++-
1 file changed, 10 insertions(+), 1 deletion(-)
diff --git a/crontab.c b/crontab.c
index 555cc6c..8fe6f90 100644
--- a/crontab.c
+++ b/crontab.c
@@ -313,6 +313,8 @@ list_cmd() {
}
/* file is open. copy to stdout, close.
+ only exceptions: \b and \r which might be used to obfuscate
+ a listing.
*/
Set_LineNum(1)
@@ -343,7 +345,14 @@ list_cmd() {
}
while (EOF != (ch = get_char(f)))
- putchar(ch);
+ switch (ch) {
+ case '\b':
+ putchar('\\'); putchar('b'); break;
+ case '\r':
+ putchar('\\'); putchar('r'); break;
+ default:
+ putchar(ch);
+ }
fclose(f);
}
|
