From: Martin Poole Date: Wed, 18 Dec 2013 13:53:36 +0000 (+0100) Subject: Anacron does not correctly check configuration parameters for validity and can segfau... X-Git-Tag: cronie1.4.12~14 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=7973c43dbb6f8f960a436b7a1355b3244bfbe763;p=cronie Anacron does not correctly check configuration parameters for validity and can segfault on certain data types. The return code from the match_rx calls in readtab.c are not being checked correctly. Signed-off-by: Marcela Mašláňová --- diff --git a/anacron/readtab.c b/anacron/readtab.c index e378faf..d5c3c7c 100644 --- a/anacron/readtab.c +++ b/anacron/readtab.c @@ -271,7 +271,8 @@ parse_tab_line(char *line) if (strncmp(env_var, "START_HOURS_RANGE", 17) == 0) { r = match_rx("^([[:digit:]]+)-([[:digit:]]+)$", value, 2, &from, &to); - if ((r == -1) || (from == NULL) || (to == NULL)) goto reg_invalid; + if (r == -1) goto reg_err; + if (r == 0) goto reg_invalid; range_start = atoi(from); range_stop = atoi(to); if (range_stop < range_start) { @@ -282,14 +283,19 @@ parse_tab_line(char *line) } if (strncmp(env_var, "RANDOM_DELAY", 12) == 0) { r = match_rx("^([[:digit:]]+)$", value, 0); - if (r != -1) { - int i = random(); - double x = 0; - x = (double) i / (double) RAND_MAX * (double) (atoi(value)); - random_number = (int)x; - Debug(("Randomized delay set: %d", random_number)); + if (r != -1) goto reg_err; + if (r) + { + random_number = 0; + if (atoi(value) > 0) { + int i = random(); + double x = 0; + x = (double) i / (double) RAND_MAX * (double) (atoi(value)); + random_number = (int)x; + } + Debug(("Randomized delay set: %d", random_number)); } - else goto reg_invalid; + else goto reg_invalid; } if (strncmp(env_var, "PREFERRED_HOUR", 14) == 0) { r = match_rx("^([[:digit:]]+)$", value, 1, &pref_hour);