Blob Blame History Raw
diff -ru cronie-1.5.2/anacron/readtab.c cronie-1.5.2_patched/anacron/readtab.c
--- cronie-1.5.2/anacron/readtab.c	2017-09-14 13:53:21.000000000 +0200
+++ cronie-1.5.2_patched/anacron/readtab.c	2018-09-07 15:13:17.752498050 +0200
@@ -134,8 +134,19 @@
 
     var_len = (int)strlen(env_var);
     val_len = (int)strlen(value);
+    if (!var_len) {
+        return;
+    }
+
     er = obstack_alloc(&tab_o, sizeof(env_rec));
+    if (er == NULL) {
+        die_e("Cannot allocate memory.");
+    }
+
     er->assign = obstack_alloc(&tab_o, var_len + 1 + val_len + 1);
+    if (er->assign == NULL) {
+        die_e("Cannot allocate memory.");
+    }
     strcpy(er->assign, env_var);
     er->assign[var_len] = '=';
     strcpy(er->assign + var_len + 1, value);
@@ -167,15 +178,24 @@
 	return;
     }
     jr = obstack_alloc(&tab_o, sizeof(job_rec));
+    if (jr == NULL) {
+        die_e("Cannot allocate memory.");
+    }
     jr->period = period;
     jr->named_period = 0;
     delay += random_number;
     jr->delay = delay;
     jr->tab_line = line_num;
     jr->ident = obstack_alloc(&tab_o, ident_len + 1);
+    if (jr->ident == NULL) {
+        die_e("Cannot allocate memory.");
+    }
     strcpy(jr->ident, ident);
     jr->arg_num = job_arg_num(ident);
     jr->command = obstack_alloc(&tab_o, command_len + 1);
+    if (jr->command == NULL) {
+        die_e("Cannot allocate memory.");
+    }
     strcpy(jr->command, command);
     jr->job_pid = jr->mailer_pid = 0;
     if (last_job_rec != NULL) last_job_rec->next = jr;
@@ -208,6 +228,9 @@
     }
 
     jr = obstack_alloc(&tab_o, sizeof(job_rec));
+    if (jr == NULL) {
+        die_e("Cannot allocate memory.");
+    }
     if (!strncmp ("@monthly", periods, 8)) {
 		jr->named_period = 1;
     } else if (!strncmp("@yearly", periods, 7) || !strncmp("@annually", periods, 9) || !strncmp(/* backwards compat misspelling */"@annualy", periods, 8)) {
@@ -225,9 +248,15 @@
     jr->delay = delay;
     jr->tab_line = line_num;
     jr->ident = obstack_alloc(&tab_o, ident_len + 1);
+    if (jr->ident == NULL) {
+        die_e("Cannot allocate memory.");
+    }
     strcpy(jr->ident, ident);
     jr->arg_num = job_arg_num(ident);
     jr->command = obstack_alloc(&tab_o, command_len + 1);
+    if (jr->command == NULL) {
+        die_e("Cannot allocate memory.");
+    }
     strcpy(jr->command, command);
     jr->job_pid = jr->mailer_pid = 0;
     if (last_job_rec != NULL) last_job_rec->next = jr;
diff -ru cronie-1.5.2/anacron/runjob.c cronie-1.5.2_patched/anacron/runjob.c
--- cronie-1.5.2/anacron/runjob.c	2018-01-24 17:02:33.000000000 +0100
+++ cronie-1.5.2_patched/anacron/runjob.c	2018-09-07 15:13:17.752498050 +0200
@@ -104,9 +104,44 @@
 static void
 xputenv(const char *s)
 {
-    char *copy = strdup (s);
-    if (!copy) die_e("Not enough memory to set the environment");
-    if (putenv(copy)) die_e("Can't set the environment");
+    char *name = NULL, *val = NULL;
+    char *eq_ptr;
+    const char *errmsg;
+    size_t eq_index;
+
+    if (s == NULL) {
+        die_e("Invalid environment string");
+    }
+
+    eq_ptr = strchr(s, '=');
+    if (eq_ptr == NULL) {
+        die_e("Invalid environment string");
+    }
+
+    eq_index = (size_t) (eq_ptr - s);
+
+    name = malloc((eq_index + 1) * sizeof(char));
+    if (name == NULL) {
+        die_e("Not enough memory to set the environment");
+    }
+
+    val = malloc((strlen(s) - eq_index) * sizeof(char));
+    if (val == NULL) {
+        die_e("Not enough memory to set the environment");
+    }
+
+    strncpy(name, s, eq_index);
+    name[eq_index] = '\0';
+    strcpy(val, s + eq_index + 1);
+
+    if (setenv(name, val, 1)) {
+        die_e("Can't set the environment");
+    }
+
+    free(name);
+    free(val);
+    return;
+
 }
 
 static void
diff -ru cronie-1.5.2/src/entry.c cronie-1.5.2_patched/src/entry.c
--- cronie-1.5.2/src/entry.c	2017-09-14 13:53:21.000000000 +0200
+++ cronie-1.5.2_patched/src/entry.c	2018-09-07 15:13:17.752498050 +0200
@@ -131,8 +131,10 @@
 			goto eof;
 		}
 		ch = get_char(file);
-		if (ch == EOF)
+		if (ch == EOF) {
+			free(e);
 			return NULL;
+		}
 	}
 
 	if (ch == '@') {