diff -ru cronie-1.5.2/anacron/readtab.c cronie-1.5.2_patched/anacron/readtab.c --- cronie-1.5.2/anacron/readtab.c 2017-09-14 13:53:21.000000000 +0200 +++ cronie-1.5.2_patched/anacron/readtab.c 2018-09-07 15:13:17.752498050 +0200 @@ -134,8 +134,19 @@ var_len = (int)strlen(env_var); val_len = (int)strlen(value); + if (!var_len) { + return; + } + er = obstack_alloc(&tab_o, sizeof(env_rec)); + if (er == NULL) { + die_e("Cannot allocate memory."); + } + er->assign = obstack_alloc(&tab_o, var_len + 1 + val_len + 1); + if (er->assign == NULL) { + die_e("Cannot allocate memory."); + } strcpy(er->assign, env_var); er->assign[var_len] = '='; strcpy(er->assign + var_len + 1, value); @@ -167,15 +178,24 @@ return; } jr = obstack_alloc(&tab_o, sizeof(job_rec)); + if (jr == NULL) { + die_e("Cannot allocate memory."); + } jr->period = period; jr->named_period = 0; delay += random_number; jr->delay = delay; jr->tab_line = line_num; jr->ident = obstack_alloc(&tab_o, ident_len + 1); + if (jr->ident == NULL) { + die_e("Cannot allocate memory."); + } strcpy(jr->ident, ident); jr->arg_num = job_arg_num(ident); jr->command = obstack_alloc(&tab_o, command_len + 1); + if (jr->command == NULL) { + die_e("Cannot allocate memory."); + } strcpy(jr->command, command); jr->job_pid = jr->mailer_pid = 0; if (last_job_rec != NULL) last_job_rec->next = jr; @@ -208,6 +228,9 @@ } jr = obstack_alloc(&tab_o, sizeof(job_rec)); + if (jr == NULL) { + die_e("Cannot allocate memory."); + } if (!strncmp ("@monthly", periods, 8)) { jr->named_period = 1; } else if (!strncmp("@yearly", periods, 7) || !strncmp("@annually", periods, 9) || !strncmp(/* backwards compat misspelling */"@annualy", periods, 8)) { @@ -225,9 +248,15 @@ jr->delay = delay; jr->tab_line = line_num; jr->ident = obstack_alloc(&tab_o, ident_len + 1); + if (jr->ident == NULL) { + die_e("Cannot allocate memory."); + } strcpy(jr->ident, ident); jr->arg_num = job_arg_num(ident); jr->command = obstack_alloc(&tab_o, command_len + 1); + if (jr->command == NULL) { + die_e("Cannot allocate memory."); + } strcpy(jr->command, command); jr->job_pid = jr->mailer_pid = 0; if (last_job_rec != NULL) last_job_rec->next = jr; diff -ru cronie-1.5.2/anacron/runjob.c cronie-1.5.2_patched/anacron/runjob.c --- cronie-1.5.2/anacron/runjob.c 2018-01-24 17:02:33.000000000 +0100 +++ cronie-1.5.2_patched/anacron/runjob.c 2018-09-07 15:13:17.752498050 +0200 @@ -104,9 +104,44 @@ static void xputenv(const char *s) { - char *copy = strdup (s); - if (!copy) die_e("Not enough memory to set the environment"); - if (putenv(copy)) die_e("Can't set the environment"); + char *name = NULL, *val = NULL; + char *eq_ptr; + const char *errmsg; + size_t eq_index; + + if (s == NULL) { + die_e("Invalid environment string"); + } + + eq_ptr = strchr(s, '='); + if (eq_ptr == NULL) { + die_e("Invalid environment string"); + } + + eq_index = (size_t) (eq_ptr - s); + + name = malloc((eq_index + 1) * sizeof(char)); + if (name == NULL) { + die_e("Not enough memory to set the environment"); + } + + val = malloc((strlen(s) - eq_index) * sizeof(char)); + if (val == NULL) { + die_e("Not enough memory to set the environment"); + } + + strncpy(name, s, eq_index); + name[eq_index] = '\0'; + strcpy(val, s + eq_index + 1); + + if (setenv(name, val, 1)) { + die_e("Can't set the environment"); + } + + free(name); + free(val); + return; + } static void diff -ru cronie-1.5.2/src/entry.c cronie-1.5.2_patched/src/entry.c --- cronie-1.5.2/src/entry.c 2017-09-14 13:53:21.000000000 +0200 +++ cronie-1.5.2_patched/src/entry.c 2018-09-07 15:13:17.752498050 +0200 @@ -131,8 +131,10 @@ goto eof; } ch = get_char(file); - if (ch == EOF) + if (ch == EOF) { + free(e); return NULL; + } } if (ch == '@') {