diff -ru cronie-1.5.2/anacron/readtab.c cronie-1.5.2_patched/anacron/readtab.c
--- cronie-1.5.2/anacron/readtab.c 2017-09-14 13:53:21.000000000 +0200
+++ cronie-1.5.2_patched/anacron/readtab.c 2018-09-07 15:13:17.752498050 +0200
@@ -134,8 +134,19 @@
var_len = (int)strlen(env_var);
val_len = (int)strlen(value);
+ if (!var_len) {
+ return;
+ }
+
er = obstack_alloc(&tab_o, sizeof(env_rec));
+ if (er == NULL) {
+ die_e("Cannot allocate memory.");
+ }
+
er->assign = obstack_alloc(&tab_o, var_len + 1 + val_len + 1);
+ if (er->assign == NULL) {
+ die_e("Cannot allocate memory.");
+ }
strcpy(er->assign, env_var);
er->assign[var_len] = '=';
strcpy(er->assign + var_len + 1, value);
@@ -167,15 +178,24 @@
return;
}
jr = obstack_alloc(&tab_o, sizeof(job_rec));
+ if (jr == NULL) {
+ die_e("Cannot allocate memory.");
+ }
jr->period = period;
jr->named_period = 0;
delay += random_number;
jr->delay = delay;
jr->tab_line = line_num;
jr->ident = obstack_alloc(&tab_o, ident_len + 1);
+ if (jr->ident == NULL) {
+ die_e("Cannot allocate memory.");
+ }
strcpy(jr->ident, ident);
jr->arg_num = job_arg_num(ident);
jr->command = obstack_alloc(&tab_o, command_len + 1);
+ if (jr->command == NULL) {
+ die_e("Cannot allocate memory.");
+ }
strcpy(jr->command, command);
jr->job_pid = jr->mailer_pid = 0;
if (last_job_rec != NULL) last_job_rec->next = jr;
@@ -208,6 +228,9 @@
}
jr = obstack_alloc(&tab_o, sizeof(job_rec));
+ if (jr == NULL) {
+ die_e("Cannot allocate memory.");
+ }
if (!strncmp ("@monthly", periods, 8)) {
jr->named_period = 1;
} else if (!strncmp("@yearly", periods, 7) || !strncmp("@annually", periods, 9) || !strncmp(/* backwards compat misspelling */"@annualy", periods, 8)) {
@@ -225,9 +248,15 @@
jr->delay = delay;
jr->tab_line = line_num;
jr->ident = obstack_alloc(&tab_o, ident_len + 1);
+ if (jr->ident == NULL) {
+ die_e("Cannot allocate memory.");
+ }
strcpy(jr->ident, ident);
jr->arg_num = job_arg_num(ident);
jr->command = obstack_alloc(&tab_o, command_len + 1);
+ if (jr->command == NULL) {
+ die_e("Cannot allocate memory.");
+ }
strcpy(jr->command, command);
jr->job_pid = jr->mailer_pid = 0;
if (last_job_rec != NULL) last_job_rec->next = jr;
diff -ru cronie-1.5.2/anacron/runjob.c cronie-1.5.2_patched/anacron/runjob.c
--- cronie-1.5.2/anacron/runjob.c 2018-01-24 17:02:33.000000000 +0100
+++ cronie-1.5.2_patched/anacron/runjob.c 2018-09-07 15:13:17.752498050 +0200
@@ -104,9 +104,44 @@
static void
xputenv(const char *s)
{
- char *copy = strdup (s);
- if (!copy) die_e("Not enough memory to set the environment");
- if (putenv(copy)) die_e("Can't set the environment");
+ char *name = NULL, *val = NULL;
+ char *eq_ptr;
+ const char *errmsg;
+ size_t eq_index;
+
+ if (s == NULL) {
+ die_e("Invalid environment string");
+ }
+
+ eq_ptr = strchr(s, '=');
+ if (eq_ptr == NULL) {
+ die_e("Invalid environment string");
+ }
+
+ eq_index = (size_t) (eq_ptr - s);
+
+ name = malloc((eq_index + 1) * sizeof(char));
+ if (name == NULL) {
+ die_e("Not enough memory to set the environment");
+ }
+
+ val = malloc((strlen(s) - eq_index) * sizeof(char));
+ if (val == NULL) {
+ die_e("Not enough memory to set the environment");
+ }
+
+ strncpy(name, s, eq_index);
+ name[eq_index] = '\0';
+ strcpy(val, s + eq_index + 1);
+
+ if (setenv(name, val, 1)) {
+ die_e("Can't set the environment");
+ }
+
+ free(name);
+ free(val);
+ return;
+
}
static void
diff -ru cronie-1.5.2/src/entry.c cronie-1.5.2_patched/src/entry.c
--- cronie-1.5.2/src/entry.c 2017-09-14 13:53:21.000000000 +0200
+++ cronie-1.5.2_patched/src/entry.c 2018-09-07 15:13:17.752498050 +0200
@@ -131,8 +131,10 @@
goto eof;
}
ch = get_char(file);
- if (ch == EOF)
+ if (ch == EOF) {
+ free(e);
return NULL;
+ }
}
if (ch == '@') {