Commit 40791b93 authored by Christian Kastner's avatar Christian Kastner

SECURITY: Fix for possible DoS by use-after-free

A user reported a use-after-free condition in the cron daemon, leading
to a possible Denial-of-Service scenario by crashing the daemon.

This was made possible by an erroneous removal of two return statements
in commit 1215fdad. Re-adding these
statements resolves the issue.

Closes: #809167
parent 13d44ca7
......@@ -63,7 +63,7 @@ load_database(old_db)
DIR *dir;
struct stat statbuf;
struct stat syscron_stat;
DIR_T *dp;
DIR_T *dp;
cron_db new_db;
user *u, *nu;
struct stat syscrond_stat;
......@@ -572,10 +572,12 @@ force_rescan_user(cron_db *old_db, cron_db *new_db, const char *fname, time_t ol
/* Allocate an empty crontab with the specified mtime, add it to new DB */
if ((u = (user *) malloc(sizeof(user))) == NULL) {
errno = ENOMEM;
return;
}
if ((u->name = strdup(fname)) == NULL) {
free(u);
errno = ENOMEM;
return;
}
u->mtime = old_mtime;
u->crontab = NULL;
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment