CVSROOT: /cvs Module name: src Changes by: [email protected] 2024/08/19 09:08:21
Modified files:
usr.sbin/cron : entry.c
Log message:
Fix CVE-2024-43688, buffer underflow for very large step values
In get_number(), reject values that are so large that they are
interpreted as negative numbers. In set_range(), step values smaller
than one or larger than the "stop" value are ignored. This prevents
bit_nset() from being called with out-of-range values.
Bug found by Dave G. of Supernetworks.
