NetBSD Problem Report #53476

From www@NetBSD.org  Sat Jul 28 12:05:55 2018
Return-Path: <www@NetBSD.org>
Received: from mail.netbsd.org (mail.netbsd.org [199.233.217.200])
	(using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
	(Client CN "mail.NetBSD.org", Issuer "mail.NetBSD.org CA" (not verified))
	by mollari.NetBSD.org (Postfix) with ESMTPS id 3F23C7A1B5
	for <gnats-bugs@gnats.NetBSD.org>; Sat, 28 Jul 2018 12:05:55 +0000 (UTC)
Message-Id: <20180728120554.381007A1D0@mollari.NetBSD.org>
Date: Sat, 28 Jul 2018 12:05:54 +0000 (UTC)
From: netbsd-bugs@michael-kaufmann.ch
Reply-To: netbsd-bugs@michael-kaufmann.ch
To: gnats-bugs@NetBSD.org
Subject: crontab: Randomly selected number (question mark) may be negative
X-Send-Pr-Version: www-1.0

>Number:         53476
>Category:       bin
>Synopsis:       crontab: Randomly selected number (question mark) may be negative
>Confidential:   no
>Severity:       non-critical
>Priority:       medium
>Responsible:    kre
>State:          closed
>Class:          sw-bug
>Submitter-Id:   net
>Arrival-Date:   Sat Jul 28 12:10:00 +0000 2018
>Closed-Date:    Wed Aug 08 10:41:16 +0000 2018
>Last-Modified:  Wed Aug 08 10:41:16 +0000 2018
>Originator:     Michael Kaufmann
>Release:        8.0
>Organization:
>Environment:
NetBSD cubieboard 8.0 NetBSD 8.0 (CUBIEBOARD) #0: Tue Jul 17 14:59:51 UTC 2018  mkrepro@mkrepro.NetBSD.org:/usr/src/sys/arch/evbarm/compile/CUBIEBOARD evbarm
>Description:
A crontab entry may contain a question mark '?', e.g.
? 3 * * * $HOME/task.sh

Sometimes crontab fails when activating such a configuration:
crontab: installing new crontab
"/tmp/crontab.8GkRCbU1KQ":1: bad minute
crontab: errors in crontab file, can't install.

The reason is that sometimes a negative value (out of range) is chosen for the minute.
>How-To-Repeat:
Configure this job with "crontab -e":
? 3 * * * $HOME/task.sh

Repeat this multiple times. It will fail in about half of the tries.
>Fix:
The bug is in the "random_with_range" function:

return (int)arc4random() % (high - low + 1) + low;


Proposed bugfix:

return (int)(arc4random() % (high - low + 1) + low);

>Release-Note:

>Audit-Trail:
From: "Robert Elz" <kre@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/53476 CVS commit: src/external/bsd/cron/dist
Date: Sat, 28 Jul 2018 13:51:26 +0000

 Module Name:	src
 Committed By:	kre
 Date:		Sat Jul 28 13:51:26 UTC 2018

 Modified Files:
 	src/external/bsd/cron/dist: entry.c

 Log Message:
 Fix from Michael Kaufmann in PR bin/53476

 Do modulus using unsigned arith, and then convert the result to
 int, rather than converting the arc4random() result to int (which
 might be negative) and performing a modulus on that (with a
 potentially negative answer).


 To generate a diff of this commit:
 cvs rdiff -u -r1.8 -r1.9 src/external/bsd/cron/dist/entry.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

Responsible-Changed-From-To: bin-bug-people->kre
Responsible-Changed-By: kre@NetBSD.org
Responsible-Changed-When: Sat, 28 Jul 2018 14:04:57 +0000
Responsible-Changed-Why:
I am (for now) handling this PR


State-Changed-From-To: open->needs-pullups
State-Changed-By: kre@NetBSD.org
State-Changed-When: Sat, 28 Jul 2018 14:04:57 +0000
State-Changed-Why:
Thanks for the report.   This is fixed now on HEAD.  I will
request a pullup to netbsd-8 (for 8.1, eventually) once it
has some time to settle in (make sure no surprising issues arise.)


State-Changed-From-To: needs-pullups->pending-pullups
State-Changed-By: kre@NetBSD.org
State-Changed-When: Sun, 05 Aug 2018 22:16:11 +0000
State-Changed-Why:
pullup-8 #959


From: "Martin Husemann" <martin@netbsd.org>
To: gnats-bugs@gnats.NetBSD.org
Cc: 
Subject: PR/53476 CVS commit: [netbsd-8] src/external/bsd/cron/dist
Date: Tue, 7 Aug 2018 13:24:59 +0000

 Module Name:	src
 Committed By:	martin
 Date:		Tue Aug  7 13:24:59 UTC 2018

 Modified Files:
 	src/external/bsd/cron/dist [netbsd-8]: entry.c

 Log Message:
 Pull up following revision(s) (requested by kre in ticket #959):

 	external/bsd/cron/dist/entry.c: revision 1.9,1.10

 Fix from Michael Kaufmann in PR bin/53476

 Do modulus using unsigned arith, and then convert the result to
 int, rather than converting the arc4random() result to int (which
 might be negative) and performing a modulus on that (with a
 potentially negative answer).

 Add some more "crappy error detection" - the low value of
 the range of random_with_range() must not be negative (or now
 we are doing unsigned modulus we might generate a very big result).


 To generate a diff of this commit:
 cvs rdiff -u -r1.7 -r1.7.8.1 src/external/bsd/cron/dist/entry.c

 Please note that diffs are not public domain; they are subject to the
 copyright notices on the relevant files.

State-Changed-From-To: pending-pullups->closed
State-Changed-By: kre@NetBSD.org
State-Changed-When: Wed, 08 Aug 2018 10:41:16 +0000
State-Changed-Why:
Pullup completed.   Thanks for the PR.


>Unformatted:
NetBSD Home
NetBSD PR Database Search
(Contact us) $NetBSD: query-full-pr,v 1.43 2018/01/16 07:36:43 maya Exp $
$NetBSD: gnats_config.sh,v 1.9 2014/08/02 14:16:04 spz Exp $
Copyright © 1994-2017 The NetBSD Foundation, Inc. ALL RIGHTS RESERVED.