File: crontab-entry-parsing-fixes.patch

package info (click to toggle)
cron 3.0pl1-198
  • links: PTS, VCS
  • area: main
  • in suites: forky, sid
  • size: 3,824 kB
  • sloc: ansic: 54,879; xml: 1,600; perl: 733; sh: 495; makefile: 446; python: 43
file content (71 lines) | stat: -rw-r--r-- 2,163 bytes parent folder | download | duplicates (2) 
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
 
From: Christian Kastner <ckk@kvr.at>
Date: Mon, 21 Dec 2015 22:54:04 +0100
Subject: crontab entry parsing fixes

Handle various entry parsing bugs:
  * Steve Greenland <stevegr@debian.org> noticed that whitespace between
    @symbolic names and commands weren't all being skipped
  * Steve Greenland noticed that get_number() did not detect invalid number
    specifications early enough
  * Steve Greenland discovered that invalid step sizes weren't being detected
  * Justin T. Pryzby <justinpryzby@users.sourceforge.net> discovered that steps
    without a range (an invalid specification) weren't detected

Bug-Debian: https://bugs.debian.org/62141
Bug-Debian: https://bugs.debian.org/84727
Bug-Debian: https://bugs.debian.org/183650
Bug-Debian: https://bugs.debian.org/733478
Forwarded: no
Last-Update: 2015-12-21
---
 entry.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)

diff --git a/entry.c b/entry.c
index 429d8c0..511ccfa 100644
--- a/entry.c
+++ b/entry.c
@@ -226,6 +226,9 @@ load_entry(file, error_func, pw, envp)
 		bit_set(e->dow, 7);
 	}
 
+	/* If we used one of the @commands, we may be pointing at
+	   blanks, and if we don't skip over them, we'll miss the user/command */
+	Skip_Blanks(ch, file);
 	/* ch is the first character of a command, or a username */
 	unget_char(ch, file);
 
@@ -428,6 +431,13 @@ get_range(bits, low, high, names, ch, file)
 		if (ch != '-') {
 			/* not a range, it's a single number.
 			 */
+
+			/* Unsupported syntax: Step specified without range,
+			   eg:   1/20 * * * * /bin/echo "this fails"
+			 */
+			if (ch == '/')
+				return EOF;
+
 			if (EOF == set_element(bits, low, high, num1))
 				return EOF;
 			return ch;
@@ -461,7 +471,7 @@ get_range(bits, low, high, names, ch, file)
 		 * sent as a 0 since there is no offset either.
 		 */
 		ch = get_number(&num3, 0, PPC_NULL, ch, file);
-		if (ch == EOF)
+		if (ch == EOF || num3 <= 0)
 			return EOF;
 	} else {
 		/* no step.  default==1.
@@ -511,6 +521,10 @@ get_number(numptr, low, names, ch, file)
 	}
 	*pc = '\0';
 
+	if (len == 0) {
+		return EOF;
+	}
+
 	/* try to find the name in the name list
 	 */
 	if (names) {