On Sat, Feb 05, 2011 at 02:48:54PM -0500, Lawrence Teo wrote:
> When "crontab -l" is used to list a user's crontab file, crontab(1)
> expects the crontab file to have three comment lines at the top.
>
> However, if there are fewer than three comment lines or if they are
> completely absent, crontab(1) will segfault when the
> ignore_comments() function tries to use putc() to write to the
> NewCrontab FILE pointer, which is NULL since NewCrontab is never
> opened when "crontab -l" is used.
>
> For example:
>
> # cat /var/cron/tabs/lteo
> 0 0 * * * /bin/true
> # crontab -u lteo -l
> Segmentation fault
>
> The following diff fixes this bug by telling ignore_comments() to
> use putchar() if NewCrontab is NULL so that the crontab file is
> written to stdout instead. It also explicitly initializes
> NewCrontab to NULL at the beginning of main().
Oops, forgot the diff. :) Lawrence Index: crontab.c =================================================================== RCS file: /cvs/src/usr.sbin/cron/crontab.c,v retrieving revision 1.59 diff -u -p -r1.59 crontab.c --- crontab.c 31 Jan 2011 18:02:56 -0000 1.59 +++ crontab.c 5 Feb 2011 19:36:05 -0000 @@ -79,6 +79,7 @@ main(int argc, char *argv[]) { Pid = getpid(); ProgramName = argv[0]; + NewCrontab = NULL; setlocale(LC_ALL, ""); @@ -693,7 +694,10 @@ ignore_comments(FILE *f) { x = 0; while (EOF != (ch = get_char(f))) { if ('#' != ch) { - putc(ch, NewCrontab); + if (NewCrontab != NULL) + putc(ch, NewCrontab); + else + putchar(ch); break; } while (EOF != (ch = get_char(f)))
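Review bot: the `NewCrontab = NULL;` added at the top of main() (hunk @@ -79,6 +79,7 @@) is not what fixes the crash and reads as redundant: the report itself says NewCrontab is already NULL on the `crontab -l` path, which is why putc() faulted, and if it is a file-scope variable, as "never opened" implies, it is zero-initialized before main() runs. Either drop that hunk or keep the assignment with a one-line comment saying the NULL value is what ignore_comments() relies on to detect the listing case, so a later reader does not mistake it for a behavioural change.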
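Review bot: the NULL test in ignore_comments() (hunk @@ -693,7 +694,10 @@) couples the function to a global and to the convention "NULL means write to stdout", and that only holds if no other caller reaches ignore_comments() before NewCrontab is opened; the diff does not show the callers. A more explicit fix is to pass the destination in, `ignore_comments(FILE *f, FILE *out)`, with the -l path handing it stdout and the edit/replace paths handing it NewCrontab, so the routine never has to guess. If the global is kept, the four new lines collapse to one equivalent line, `putc(ch, NewCrontab != NULL ? NewCrontab : stdout);`, which also avoids mixing putc() and putchar() on the same output stream. Worth stating in the commit message as well why the crash needs fewer than three leading comment lines: the putc() is reached only when a non-'#' character arrives while NewCrontab is still NULL.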
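The listing path described in the report, as an added example that is not OpenBSD's crontab.c: a header-skipping routine written so the destination stream is passed in explicitly, which removes the NULL FILE * case that produced the segfault, driven over an in-memory crontab so it exercises the "fewer than three comment lines" inputs without touching /var/cron. The function names (skip_comment_header, copy_rest, list_from_string, check_listing), the use of fmemopen(3) for the in-memory streams, and the sample crontab text are assumptions for this example, not from the thread or from cron.

```c
/*
 * Added example, not OpenBSD's crontab.c. All names below are
 * hypothetical; the sample crontab strings are constructed input.
 */
#define _POSIX_C_SOURCE 200809L		/* fmemopen(3) */
#include <stdio.h>
#include <string.h>

/*
 * Skip leading lines that start with '#'. The first character of the
 * first non-comment line is copied to `out` so the caller can carry on
 * copying from there, mirroring the shape of cron's ignore_comments().
 * Returns the number of comment lines skipped. A NULL `out` falls back
 * to stdout instead of being dereferenced.
 */
static int
skip_comment_header(FILE *in, FILE *out)
{
	int ch, skipped = 0;

	if (out == NULL)
		out = stdout;

	while ((ch = getc(in)) != EOF) {
		if (ch != '#') {
			putc(ch, out);	/* first byte of real content */
			break;
		}
		/* discard the rest of this comment line */
		while ((ch = getc(in)) != EOF && ch != '\n')
			;
		skipped++;
	}
	return skipped;
}

/* Copy whatever is left of `in` to `out` once the header is handled. */
static void
copy_rest(FILE *in, FILE *out)
{
	int ch;

	while ((ch = getc(in)) != EOF)
		putc(ch, out);
}

/*
 * Run the two helpers over an in-memory crontab and capture the listing
 * into outbuf (NUL-terminated). Returns the number of header comment
 * lines skipped, or -1 on error.
 */
int
list_from_string(const char *text, char *outbuf, size_t outsz)
{
	FILE *in, *out;
	int skipped;

	if (outsz == 0)
		return -1;
	outbuf[0] = '\0';
	if (text[0] == '\0')	/* fmemopen rejects a zero-length buffer */
		return 0;

	in = fmemopen((void *)text, strlen(text), "r");
	if (in == NULL)
		return -1;
	out = fmemopen(outbuf, outsz, "w");
	if (out == NULL) {
		fclose(in);
		return -1;
	}
	skipped = skip_comment_header(in, out);
	copy_rest(in, out);
	fclose(out);	/* fmemopen writes the terminating NUL on close */
	fclose(in);
	return skipped;
}

/*
 * Returns 1 when listing `text` yields exactly `expect_out` and
 * `expect_skipped` header lines, 0 otherwise.
 */
int
check_listing(const char *text, const char *expect_out, int expect_skipped)
{
	char buf[256];
	int n = list_from_string(text, buf, sizeof buf);

	return n == expect_skipped && strcmp(buf, expect_out) == 0;
}

int
main(void)
{
	char buf[256];
	int n;

	/* the case from the report: no comment header at all */
	n = list_from_string("0 0 * * * /bin/true\n", buf, sizeof buf);
	printf("skipped=%d\n%s", n, buf);

	/* the usual case: three header comments in front of the entry */
	n = list_from_string("# DO NOT EDIT\n# (lteo installed)\n# (Cron)\n"
	    "0 0 * * * /bin/true\n", buf, sizeof buf);
	printf("skipped=%d\n%s", n, buf);
	return 0;
}
```

Passing the stream in makes the listing and editing callers state where output goes, so there is no global whose NULL-ness has to be interpreted, and the same routine can be exercised against memory buffers as above.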