Now that the random range changes are committed I would like to revisit this diff.
This fixes two issues with the parsing of random values: 1) Garbage after a random value is now detected. This fixes a bug in the random range parsing that handles the optional final number. For example: ~foo * * * * echo invalid 0~59bar * * * * echo invalid 10~%$! * * * * echo invalid These kind of syntax errors are already detected for normal ranges. 2) Bounds check the high and low numbers in a random range. Previously, only the final randomized number was bounds-checked (which is usually too late). The bounds are checked for normal ranges in set_element() but in the case of random ranges this is too late. The following invalid entry is now rejected. 0~60 * * * * echo max minute is 59 Whereas before it would work most (but not all!) of the time. OK? - todd Index: usr.sbin/cron/entry.c =================================================================== RCS file: /cvs/src/usr.sbin/cron/entry.c,v retrieving revision 1.54 diff -u -p -u -r1.54 entry.c --- usr.sbin/cron/entry.c 6 May 2023 23:06:27 -0000 1.54 +++ usr.sbin/cron/entry.c 6 May 2023 23:36:56 -0000 @@ -499,12 +499,24 @@ get_range(bitstr_t *bits, int low, int h /* get the (optional) number following the tilde */ ch = get_number(&num2, low, names, ch, file, "/, \t\n"); - if (ch == EOF) + if (ch == EOF) { + /* no second number, check for valid terminator + */ ch = get_char(file); + if (!strchr("/, \t\n", ch)) { + unget_char(ch, file); + return (EOF); + } + } if (ch == EOF || num1 > num2) { unget_char(ch, file); return (EOF); } + + /* we must perform the bounds checking ourselves + */ + if (num1 < low || num2 > high) + return (EOF); if (ch == '/') { /* randomize the step value instead of num1