Fix CVE-2024-43688, buffer underflow for very large step values
author millert <millert@openbsd.org>
Mon, 19 Aug 2024 15:08:21 +0000 (15:08 +0000)
committer millert <millert@openbsd.org>
Mon, 19 Aug 2024 15:08:21 +0000 (15:08 +0000)
commit 9170eb325dbfb3404b14fd1703eef7e0f7be4653
tree cd4d02be581f4ea1bbc070bfb78b5c60bf961656
parent 2cc97500edd5da6a6f27407dc48282cee52d6a39
Fix CVE-2024-43688, buffer underflow for very large step values

In get_number(), reject values that are so large that they are
interpreted as negative numbers.  In set_range(), step values smaller
than one or larger than the "stop" value are ignored.  This prevents
bit_nset() from being called with out-of-range values.

Bug found by Dave G. of Supernetworks.
usr.sbin/cron/entry.c
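
The two checks the commit message describes, as an added C example that is not the OpenBSD cron source: parse_field_number(), set_range_checked(), FIELD_BITS and the byte-per-slot map are hypothetical stand-ins for get_number(), set_range() and the bitstring handed to bit_nset(). It assumes that an "ignored" step means the step falls back to 1.

```c
#include <errno.h>
#include <limits.h>
#include <stdio.h>
#include <stdlib.h>

#define FIELD_BITS 60   /* assumed map size, enough for a 0-59 field */

/* Parse a decimal value; return -1 for anything outside [0, INT_MAX]
 * rather than letting an oversized number wrap to a negative int. */
static int parse_field_number(const char *s)
{
    char *end;
    long v;

    errno = 0;
    v = strtol(s, &end, 10);
    if (end == s || *end != '\0' || errno == ERANGE || v < 0 || v > INT_MAX)
        return -1;
    return (int)v;
}

/* Mark start..stop (inclusive) in map[], every `step` values. A step
 * below 1 or above stop is ignored (assumed here to mean: use 1).
 * Returns the number of slots marked, or -1 (writing nothing) if the
 * range does not fit the map. */
static int set_range_checked(unsigned char *map, int low, int high,
                             int start, int stop, int step)
{
    long long i;    /* wide counter: i += step cannot overflow */
    int n = 0;

    if (low < 0 || high < low || high - low >= FIELD_BITS ||
        start < low || stop > high || start > stop)
        return -1;
    if (step < 1 || step > stop)
        step = 1;
    for (i = start; i <= stop; i += step, n++)
        map[i - low] = 1;   /* index is always within 0..high-low */
    return n;
}

int main(void)
{
    unsigned char map[FIELD_BITS] = {0};
    /* constructed input: far larger than any int */
    printf("oversized step -> %d\n", parse_field_number("99999999999999999999"));
    printf("0-59/15 marks %d slots\n", set_range_checked(map, 0, 59, 0, 59, 15));
    return 0;
}
```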