From a09f1a62c829cf3c49e7530a6940a2b24b381dc6 Mon Sep 17 00:00:00 2001 From: Thibault Godouet Date: Wed, 5 Dec 2012 19:52:18 +0000 Subject: [PATCH] fixed a potential (unlikely) 1 byte buffer overflow in strncat() --- doc/en/changes.sgml | 31 +++++++++++++++++++++++++++++-- doc/en/todo.sgml | 11 +---------- socket.c | 2 +- 3 files changed, 31 insertions(+), 13 deletions(-) diff --git a/doc/en/changes.sgml b/doc/en/changes.sgml index a734416..8a3a74e 100644 --- a/doc/en/changes.sgml +++ b/doc/en/changes.sgml 
@@ -14,14 +14,41 @@ A copy of the license is included in gfdl.sgml. From version 3.0.6 to 3.1.0 + + Vixie cron compatibility: added options @reboot, @daily, @hourly, etc. Also added more generic options runatreboot, rebootreset and runonce. + + + Pass fcrondyn client credentials through the socket when possible so as the user doesn't need to type his password when using fcrondyn. + added audit (libaudit) support Better validation of string arguments of fcrontab options. In particular for timezones, previously a space could be added at the beginning or the end of the timezone with no warning, and this led fcron to use an unexpected timezone, which could cause confusion. - - Pass fcrondyn client credentials through the socket when possible so as the user doesn't need to type his password when using fcrondyn. + + Allow tasks to run every seconds + + + fcron now sets the email headers X-Cron-Env and Auto-Submitted (as described in RFC 3834). + + + email encoding: fcron now sets the email headers Content-Type and Content-Transfer-Encoding. They can be controlled by setting the CONTENT_TYPE and CONTENT_TRANSFER_ENCODING variables in fcrontabs. + + + Added systemd service definition (thank you Reiner) + + + bug fix: fcrontab: don't alert about invalid character when correcting fcrontab twice + + + bug fix: fixed free_safe() function (replaced by macro). + + + bug fix: configure script: usage of sendmail couldn't be disabled + + + bug fix: fixed a potential (unlikely) 1 byte overflow in strncat() in socket.c Quite a lot of code clean-up and refactoring -- e.g. implemented generic unordred list for lavgq / exeq. diff --git a/doc/en/todo.sgml b/doc/en/todo.sgml index b5dfa77..5f01587 100644 --- a/doc/en/todo.sgml +++ b/doc/en/todo.sgml @@ -23,12 +23,6 @@ A copy of the license is included in gfdl.sgml. High priority - - @reboot: test updated startup script with removal of fcron.reboot + add to other scripts? - - - add audit (libaudit) + TEST - 
@@ -66,10 +60,7 @@ A copy of the license is included in gfdl.sgml. (file/line lists, serial queue, lavg list, exe list), and work with them only through functions/macros. + secure equivalent to str[n]{cat|copy|...} - Note: may introduce bugs, so it will be done in fcron 3.1.x, and needs to be tested thoroughly.. - - - Mem footprint reduction: use an/some union(s) in CL struct. + Note: may introduce bugs, so it will be done in fcron 3.1.x, and needs to be tested thoroughly. For environment settings, make a var substitution. diff --git a/socket.c b/socket.c index 9eb62a4..dec56d4 100644 --- a/socket.c +++ b/socket.c @@ -372,7 +372,7 @@ auth_client_password(struct fcrondyn_cl *client) len += (sizeof(FIELD_STR)-1); \ } #define Add_field(FIELD_STR) \ - strncat(fields, FIELD_STR, sizeof(fields) - len); \ + strncat(fields, FIELD_STR, sizeof(fields) - len - 1); \ len += (sizeof(FIELD_STR)-1); void -- 2.40.0
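Review bot: The commit subject names only the strncat() fix, but the doc/en/changes.sgml hunk also adds changelog entries for unrelated work (the @reboot-style options, the email headers, the systemd service definition, free_safe(), the configure script). Splitting those into a separate documentation commit would keep the security fix easy to find, backport and bisect. In the added text, "Allow tasks to run every seconds" should read "every second", and the new strncat() entry could name the `Add_field` macro so a reader can locate the fix in socket.c.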
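Review bot: The second doc/en/todo.sgml hunk removes the item "Mem footprint reduction: use an/some union(s) in CL struct." without any matching entry in changes.sgml or any mention in the commit message, so it is unclear whether the work was done or dropped. Either state which in the commit message or keep the item. The two items removed in the first todo.sgml hunk do have matching entries in changes.sgml, so they are fine.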
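Review bot: In the `Add_field` macro in socket.c, `len += (sizeof(FIELD_STR)-1);` still runs unconditionally after the `strncat()`, so when a field is truncated `len` overstates the real string length. Once `len` reaches `sizeof(fields)`, the new bound `sizeof(fields) - len - 1` can wrap to a very large value, because `sizeof` yields an unsigned type, and the next `strncat()` is then effectively unbounded. Suggest testing that `sizeof(FIELD_STR) - 1` fits in the remaining space before appending (and handling the failure), or recomputing `len` from `strlen(fields)` after each append. The macro also expands to two separate statements; wrapping them in `do { ... } while (0)` would keep both under the same branch if it is ever used after an unbraced `if`.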