[src/trunk]: src/usr.sbin/cron Make sure that the crontab is not an unreasona...

To: source-changes-hg%NetBSD.org@localhost
Subject: [src/trunk]: src/usr.sbin/cron Make sure that the crontab is not an unreasona...
From: cjs <cjs%NetBSD.org@localhost>
Date: Fri, 24 Jan 2020 05:50:10 +0000

details:   https://anonhg.NetBSD.org/src/rev/a659a618ca07
branches:  trunk
changeset: 471714:a659a618ca07
user:      cjs <cjs%NetBSD.org@localhost>
date:      Thu Apr 08 21:30:02 1999 +0000

description:
Make sure that the crontab is not an unreasonable size.
(Currently MAXCRONTABSIZE is 256 KB.)

diffstat:

 usr.sbin/cron/crontab.c |  23 ++++++++++++++++++++---
 1 files changed, 20 insertions(+), 3 deletions(-)

diffs (65 lines):

diff -r ba0fc8e34870 -r a659a618ca07 usr.sbin/cron/crontab.c
--- a/usr.sbin/cron/crontab.c   Thu Apr 08 21:17:14 1999 +0000
+++ b/usr.sbin/cron/crontab.c   Thu Apr 08 21:30:02 1999 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: crontab.c,v 1.12 1999/03/23 22:53:30 thorpej Exp $     */
+/*     $NetBSD: crontab.c,v 1.13 1999/04/08 21:30:02 cjs Exp $ */
 
 /* Copyright 1988,1990,1993,1994 by Paul Vixie
  * All rights reserved
@@ -22,7 +22,7 @@
 #if 0
 static char rcsid[] = "Id: crontab.c,v 2.13 1994/01/17 03:20:37 vixie Exp";
 #else
-__RCSID("$NetBSD: crontab.c,v 1.12 1999/03/23 22:53:30 thorpej Exp $");
+__RCSID("$NetBSD: crontab.c,v 1.13 1999/04/08 21:30:02 cjs Exp $");
 #endif
 #endif
 
@@ -32,6 +32,9 @@
  */
 
 
+#define MAXCRONTABSIZE (1024*256)      /* max crontab size == 256 KB */
+
+
 #define        MAIN_PROGRAM
 
 
@@ -515,6 +518,7 @@
        entry   *e;
        time_t  now = time(NULL);
        char    **envp = env_init();
+       struct  stat statbuf;
 
        (void) snprintf(n, sizeof(n), "tmp.%d", Pid);
        (void) snprintf(tn, sizeof(tn), CRON_TAB(n));
@@ -523,6 +527,19 @@
                return (-2);
        }
 
+       /* make sure that the crontab is not an unreasonable size
+        * XXX this is subject to a race condition--fix it if you like.
+        */
+       if (fstat(fileno(NewCrontab), &statbuf))  {
+           fprintf(stderr, "%s: error stat'ing crontab input: %s\n",
+               ProgramName, strerror(errno));
+           return(-2);
+       }
+       if (statbuf.st_size > MAXCRONTABSIZE)  {
+           fprintf(stderr, "%s: crontab too large\n", ProgramName);
+           return(-1);
+       }
+
        /* write a signature at the top of the file.
         *
         * VERY IMPORTANT: make sure NHEADER_LINES agrees with this code.
@@ -530,7 +547,7 @@
        fprintf(tmp, "# DO NOT EDIT THIS FILE - edit the master and reinstall.\n");
        fprintf(tmp, "# (%s installed on %-24.24s)\n", Filename, ctime(&now));
        fprintf(tmp, "# (Cron version -- %s)\n",
-           "$NetBSD: crontab.c,v 1.12 1999/03/23 22:53:30 thorpej Exp $");
+           "$NetBSD: crontab.c,v 1.13 1999/04/08 21:30:02 cjs Exp $");
 
        /* copy the crontab to the tmp
         */

Prev by Date: [src/trunk]: src/distrib/sparc - add more i-nodes to ramdisk image
Next by Date: [src/trunk]: src/sys/arch/arm32/conf Actually, we're in sync with GENERIC V1.55
Previous by Thread: [src/trunk]: src/distrib/sparc - add more i-nodes to ramdisk image
Next by Thread: [src/trunk]: src/sys/arch/arm32/conf Actually, we're in sync with GENERIC V1.55
Indexes:

Home | Main Index | Thread Index | Old Index