-Fix Bug 786096 - VUL-1: cron: does not close file descriptors before invocation of commands

OBS-URL: https://build.opensuse.org/package/show/Base:System/cronie?expand=0&rev=110
2012-11-12 13:52:11 +00:00 · 2012-11-12 13:52:11 +00:00 · 68a356b6e1
commit 68a356b6e1
parent 70bab8dae8
3 changed files with 33 additions and 0 deletions
--- a/bug-786096_cronie-fdleak.diff
+++ b/bug-786096_cronie-fdleak.diff
@ -0,0 +1,25 @@
+Index: cronie-1.4.8/src/do_command.c
+===================================================================
+--- cronie-1.4.8.orig/src/do_command.c
+++ cronie-1.4.8/src/do_command.c
+@@ -69,6 +69,7 @@ static int child_process(entry * e, user
+ 	int stdin_pipe[2], stdout_pipe[2];
+ 	char *input_data, *usernm, *mailto, *mailfrom;
+ 	int children = 0;
+    int i = 3, open_max = -1;
+ 	pid_t pid = getpid();
+ 	struct sigaction sa;
+ 
+@@ -154,6 +155,12 @@ static int child_process(entry * e, user
+ 		*p = '\0';
+ 	}
+ 
+               open_max = sysconf(_SC_OPEN_MAX);
+               if (open_max < 0)
+                       open_max = 1024;
+               for (i = STDERR + 1; i < open_max; ++i)
+                       close(i);
+
+ 
+ 	/* fork again, this time so we can exec the user's command.
+ 	 */
--- a/cronie.changes
+++ b/cronie.changes
@ -1,3 +1,8 @@
+-------------------------------------------------------------------
+Mon Nov 12 13:44:06 UTC 2012 - vdziewiecki@suse.com
+
+-Fix Bug 786096 - VUL-1: cron: does not close file descriptors before invocation of commands 
+
 -------------------------------------------------------------------
 Sun Oct 28 18:31:20 UTC 2012 - crrodriguez@opensuse.org

--- a/cronie.spec
+++ b/cronie.spec
@ -58,6 +58,8 @@ Patch7:         cronie-1.4.7-disable_logging.patch
 Patch8:         cronie-anacron-1.4.7-run-crons.patch
 Patch9:         cronie-1.4.8-bug_756197.diff
 Patch10:        cronie-nofork-nopid.patch
+# PATCH-FIX-UPSTREAM bnc#786096
+Patch11:        bug-786096_cronie-fdleak.diff
 Conflicts:      cron <= 4.1
 # When finish update protection of sles11 we could uncomment line bellow and drop all
 # ugly hacks with subpackage cron needed for proper update proces
@ -103,6 +105,7 @@ overloaded in settings.
 %patch9
 cp %{S:7} ./cron_to_cronie.README
 %patch10
+%patch11 -p1 
 %build
 # fill macro CRON_VERSION it is used in top three lines of crontab file,should be reworked
 export CFLAGS="$RPM_OPT_FLAGS -DCRON_VERSION=\\\"%{version}\\\""