[Pkg-cron-devel] [pkg-cron] 15/19: Error out when a command field is too long

Christian Kastner chrisk-guest at moszumanska.debian.org
Fri Oct 10 15:18:41 UTC 2014


This is an automated email from the git hooks/post-receive script.

chrisk-guest pushed a commit to branch ckk/cron-125
in repository pkg-cron.

commit 536daf9d826278514a919aa98380e15b01eacd94
Author: Christian Kastner <debian at kvr.at>
Date:   Thu Oct 9 19:49:59 2014 +0200

    Error out when a command field is too long
    
    Commands have a maximum length. When hitting this maximum, generate an error
    instead of silently truncating the command.
    
    Closes: #686223
---
 crontab.5 |  3 ++-
 entry.c   | 14 ++++++++++++--
 2 files changed, 14 insertions(+), 3 deletions(-)

diff --git a/crontab.5 b/crontab.5
index 3d32a8e..66ba2e4 100644
--- a/crontab.5
+++ b/crontab.5
@@ -135,7 +135,8 @@ followed by a command, followed by a newline character ('\\n').
 The system crontab (/etc/crontab) uses the same format, except that
 the username for the command is specified after the time and
 date fields and before the command. The fields may be separated
-by spaces or tabs.
+by spaces or tabs. The maximum permitted length for the command field is
+998 characters.
 .PP
 Commands are executed by
 .IR cron (8)
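Review bot: The added sentence hard-codes 998, while entry.c derives the limit from MAX_COMMAND: the new check rejects a command whose length is MAX_COMMAND - 1, so the longest accepted command is MAX_COMMAND - 2 characters. The two agree only if MAX_COMMAND is 1000, and that definition is not part of this diff. Consider a comment next to the MAX_COMMAND definition pointing at crontab.5, so the man page gets updated if the constant ever changes. It would also help readers if the man page said what happens to an over-long line (the entry is rejected with "command too long" rather than truncated).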
diff --git a/entry.c b/entry.c
index e0dca75..8dfda0f 100644
--- a/entry.c
+++ b/entry.c
@@ -31,7 +31,7 @@ static char rcsid[] = "$Id: entry.c,v 2.12 1994/01/17 03:20:37 vixie Exp $";
 
 typedef	enum ecode {
 	e_none, e_minute, e_hour, e_dom, e_month, e_dow,
-	e_cmd, e_timespec, e_username
+	e_cmd, e_timespec, e_username, e_cmd_len
 } ecode_e;
 
 static char	get_list __P((bitstr_t *, int, int, char *[], int, FILE *)),
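Review bot: e_cmd_len is appended as the last enumerator here, and "command too long" is appended as the last ecodes[] entry in the next hunk, so the two stay aligned, but nothing enforces that pairing. A short comment on ecode_e saying that ecodes[] must be kept in the same order would protect the next person who adds an error code.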
@@ -50,6 +50,7 @@ static char *ecodes[] =
 		"bad command",
 		"bad time specifier",
 		"bad username",
+		"command too long",
 	};
 
 
@@ -315,9 +316,18 @@ load_entry(file, error_func, pw, envp)
 	/* Everything up to the next \n or EOF is part of the command...
 	 * too bad we don't know in advance how long it will be, since we
 	 * need to malloc a string for it... so, we limit it to MAX_COMMAND.
+	 *
+	 * To err on the side of caution, if the command string length is
+	 * equal to MAX_COMMAND, we will assume that the command has been
+	 * truncated and generate an error.
+	 *
 	 * XXX - should use realloc().
-	 */ 
+	 */
 	ch = get_string(cmd, MAX_COMMAND, file, "\n");
+	if (strnlen(cmd, MAX_COMMAND) == MAX_COMMAND - 1) {
+		ecode = e_cmd_len;
+		goto eof;
+	}
 
 	/* a file without a \n before the EOF is rude, so we'll complain...
 
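Review bot: The new comment says an error is generated when the length is equal to MAX_COMMAND, but the test is strnlen(cmd, MAX_COMMAND) == MAX_COMMAND - 1. Please make the comment match the code and say why MAX_COMMAND - 1 is the right value (presumably the most get_string() can store in a MAX_COMMAND-byte buffer once the terminator is counted). It is also worth stating in the comment that a command of exactly that length which was not truncated is rejected as well, since that is the trade-off "err on the side of caution" refers to. The XXX about realloc() still stands: this change makes the limit visible rather than removing it.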

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-cron/pkg-cron.git


