1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
|
From: Christian Kastner <ckk@kvr.at>
Date: Tue, 22 Dec 2015 15:59:51 +0100
Subject: Entry time range check
Explicitly check for sane values in time ranges. Certain invalid combinations
of ranges and steps weren't being detected, eg:
5-64/30 * * * * touch /dev/null
contains an invalid minute "64".
Bug-Debian: https://bugs.debian.org/533726
Forwarded: no
Last-Update: 2015-12-22
---
entry.c | 11 +++++++++++
1 file changed, 11 insertions(+)
diff --git a/entry.c b/entry.c
index 511ccfa..567562f 100644
--- a/entry.c
+++ b/entry.c
@@ -479,6 +479,17 @@ get_range(bits, low, high, names, ch, file)
num3 = 1;
}
+ /* Explicitly check for sane values. Certain combinations of ranges and
+ * steps which should return EOF don't get picked up by the code below,
+ * eg:
+ * 5-64/30 * * * * touch /dev/null
+ *
+ * Code adapted from set_elements() where this error was probably intended
+ * to be catched.
+ */
+ if (num1 < low || num1 > high || num2 < low || num2 > high)
+ return EOF;
+
/* range. set all elements from num1 to num2, stepping
* by num3. (the step is a downward-compatible extension
* proposed conceptually by bob@acornrc, syntactically
|
