From fa3af9f4d9b7c47a5daae99011451ae34c0df378 Mon Sep 17 00:00:00 2001 From: "Todd C. Miller" Date: Sun, 7 May 2023 13:43:14 +0000 Subject: cron: check for garbage after the '~' in a random range. A bug in the parsing of the optional number after the '~' in a random range prevented proper syntax checking. OK kn@ --- usr.sbin/cron/entry.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'usr.sbin/cron/entry.c') diff --git a/usr.sbin/cron/entry.c b/usr.sbin/cron/entry.c index 0fc853edbd9..0d7a8526dfd 100644 --- a/usr.sbin/cron/entry.c +++ b/usr.sbin/cron/entry.c @@ -1,4 +1,4 @@ -/* $OpenBSD: entry.c,v 1.54 2023/05/06 23:06:27 millert Exp $ */ +/* $OpenBSD: entry.c,v 1.55 2023/05/07 13:43:13 millert Exp $ */ /* * Copyright 1988,1990,1993,1994 by Paul Vixie @@ -499,8 +499,15 @@ get_range(bitstr_t *bits, int low, int high, const char *names[], /* get the (optional) number following the tilde */ ch = get_number(&num2, low, names, ch, file, "/, \t\n"); - if (ch == EOF) + if (ch == EOF) { + /* no second number, check for valid terminator + */ ch = get_char(file); + if (!strchr("/, \t\n", ch)) { + unget_char(ch, file); + return (EOF); + } + } if (ch == EOF || num1 > num2) { unget_char(ch, file); return (EOF); -- cgit v1.2.3