1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
|
From: Christian Kastner <ckk@kvr.at>
Date: Fri, 25 Dec 2015 12:36:31 +0100
Subject: crontab must be a regular file
Ensure that the crontab opened in SPOOL_DIR a regular file.
Fix provided by Steve Greenland <stevegr@debian.org>.
Forwarded: no
Last-Update: 2015-12-25
---
crontab.c | 10 ++++++++++
1 file changed, 10 insertions(+)
diff --git a/crontab.c b/crontab.c
index 77e3949..24de55f 100644
--- a/crontab.c
+++ b/crontab.c
@@ -143,6 +143,7 @@ parse_args(argc, argv)
char *argv[];
{
int argch;
+ struct stat statbuf;
if (!(pw = getpwuid(getuid()))) {
fprintf(stderr, "%s: your UID isn't in the passwd file.\n",
@@ -243,6 +244,15 @@ parse_args(argc, argv)
perror(Filename);
exit(ERROR_EXIT);
}
+ /* Make sure we opened a normal file. */
+ if (fstat(fileno(NewCrontab), &statbuf) < 0) {
+ perror("fstat");
+ exit(ERROR_EXIT);
+ }
+ if (!S_ISREG(statbuf.st_mode)) {
+ fprintf(stderr, "%s: Not a regular file.\n", Filename);
+ exit(ERROR_EXIT);
+ }
if (swap_uids_back() < OK) {
perror("swapping uids back");
exit(ERROR_EXIT);
|
