On Thu, May 04, 2023 at 03:30:30PM -0600, Todd C. Miller wrote:
> This fixes two issues with the parsing of random values:
>
> 1) A random value with a step is now rejected. For example:
>
> ~/10 * * * * echo invalid
I've ben using ~/10 to randomly distribute four similar tasks so that
they don't start at the same time.
Is that wrong?
I could use, e.g. 1/10, 3/10, 5/10, 7/10 and 9/10, but ~/10 seems nicer.
> 0~59/10 * * * * echo invalid
> 10~/10 * * * * echo invalid
> ~40/10 * * * * echo invalid
>
> Previously, the '/' would just be discarded.
>
> 2) The high and low random bound values are now checked. Previously,
> only the randomized number was bounds-checked (which is usually
> too late). This is more consistent with the behavior of ranges
> (low-high). The following invalid entry is now rejected.
>
> 0~60 * * * * echo max minute is 59
>
> Whereas before it would work most (but not all!) of the time.
>
> OK?
>
> - todd
>
> diff -u -p -u -r1.53 entry.c
> --- usr.sbin/cron/entry.c 21 May 2022 01:21:29 -0000 1.53
> +++ usr.sbin/cron/entry.c 4 May 2023 21:19:40 -0000
> @@ -498,12 +498,17 @@ get_range(bitstr_t *bits, int low, int h
> /* get the (optional) number following the tilde
> */
> ch = get_number(&num2, low, names, ch, file, ", \t\n");
> - if (ch == EOF)
> + if (ch == EOF) {
> + /* no second number, check for valid terminator
> + */
> ch = get_char(file);
> - if (ch == EOF || num1 > num2) {
> - unget_char(ch, file);
> - return (EOF);
> + if (!strchr(", \t\n", ch)) {
> + unget_char(ch, file);
> + return (EOF);
> + }
> }
> + if (num1 > num2 || num1 < low || num2 > high)
> + return (EOF);
>
> /* get a random number in the interval [num1, num2]
> */
>
