[Pkg-cron-devel] [pkg-cron] 15/19: Error out when a command field is too long
Christian Kastner
chrisk-guest at moszumanska.debian.org
Fri Oct 10 15:18:41 UTC 2014
This is an automated email from the git hooks/post-receive script.
chrisk-guest pushed a commit to branch ckk/cron-125
in repository pkg-cron.
commit 536daf9d826278514a919aa98380e15b01eacd94
Author: Christian Kastner <debian at kvr.at>
Date: Thu Oct 9 19:49:59 2014 +0200
Error out when a command field is too long
Commands have a maximum length. When hitting this maximum, generate an error
instead of silently truncated the command.
Closes: #686223
---
crontab.5 | 3 ++-
entry.c | 14 ++++++++++++--
2 files changed, 14 insertions(+), 3 deletions(-)
diff --git a/crontab.5 b/crontab.5
index 3d32a8e..66ba2e4 100644
--- a/crontab.5
+++ b/crontab.5
@@ -135,7 +135,8 @@ followed by a command, followed by a newline character ('\\n').
The system crontab (/etc/crontab) uses the same format, except that
the username for the command is specified after the time and
date fields and before the command. The fields may be separated
-by spaces or tabs.
+by spaces or tabs. The maximum permitted length for the command field is
+998 characters.
.PP
Commands are executed by
.IR cron (8)
diff --git a/entry.c b/entry.c
index e0dca75..8dfda0f 100644
--- a/entry.c
+++ b/entry.c
@@ -31,7 +31,7 @@ static char rcsid[] = "$Id: entry.c,v 2.12 1994/01/17 03:20:37 vixie Exp $";
typedef enum ecode {
e_none, e_minute, e_hour, e_dom, e_month, e_dow,
- e_cmd, e_timespec, e_username
+ e_cmd, e_timespec, e_username, e_cmd_len
} ecode_e;
static char get_list __P((bitstr_t *, int, int, char *[], int, FILE *)),
@@ -50,6 +50,7 @@ static char *ecodes[] =
"bad command",
"bad time specifier",
"bad username",
+ "command too long",
};
@@ -315,9 +316,18 @@ load_entry(file, error_func, pw, envp)
/* Everything up to the next \n or EOF is part of the command...
* too bad we don't know in advance how long it will be, since we
* need to malloc a string for it... so, we limit it to MAX_COMMAND.
+ *
+ * To err on the side of caution, if the command string length is
+ * equal to MAX_COMMAND, we will assume that the command has been
+ * truncated and generate an error.
+ *
* XXX - should use realloc().
- */
+ */
ch = get_string(cmd, MAX_COMMAND, file, "\n");
+ if (strnlen(cmd, MAX_COMMAND) == MAX_COMMAND - 1) {
+ ecode = e_cmd_len;
+ goto eof;
+ }
/* a file without a \n before the EOF is rude, so we'll complain...
--
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-cron/pkg-cron.git
More information about the Pkg-cron-devel
mailing list