Bugtraq mailing list archives

Re: vixie cron possible local root compromise


From: Flavio Veloso <flaviovs () MAGNUX COM BR>
Date: Fri, 16 Feb 2001 12:37:14 -0200

On Thu, 15 Feb 2001, Peter W wrote:

I can't believe how much has been written about an issue
that's apparently fixed with a few lines of code.

More patches, less pedantic finger pointing. Bottom line
is the app does not, cannot enforce length constraints on
usernames, so it needs to do proper bounds checking.

Here's the patch. It doesn't matter how big the limit of user names
on the system is, it just doesn't allow people to stuff crontab with data
that it can't handle.

diff -Nru cron3.0pl1.orig/crontab.c cron3.0pl1/crontab.c
--- cron3.0pl1.orig/crontab.c   Tue Feb 13 14:39:04 2001
+++ cron3.0pl1/crontab.c        Tue Feb 13 14:43:47 2001
@@ -143,6 +143,13 @@
                fprintf(stderr, "bailing out.\n");
                exit(ERROR_EXIT);
        }
+       if ( strlen(pw->pw_name) > (sizeof(User)-1) )
+       {
+               fprintf(stderr, "%s: your login name is too long.\n",
+                       ProgramName);
+               fprintf(stderr, "bailing out.\n");
+               exit(ERROR_EXIT);
+       }
        strcpy(User, pw->pw_name);
        strcpy(RealUser, User);
        Filename[0] = '\0';
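
Review bot: the added test bounds pw->pw_name against sizeof(User) only, while the unchanged context directly below it still runs strcpy(RealUser, User), so RealUser is protected only if it is at least as large as User. The declarations are not in this hunk; either compare against the smaller of sizeof(User) and sizeof(RealUser), or add a comment stating that the two buffers are the same size. With the length already validated here, the two strcpy calls could also be replaced by length-bounded copies so that the guard and the copies cannot drift apart if a buffer size changes later.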

--
Flávio

