kiorky / croniter

MIT License

Division by zero possible with ranges #37

Closed sg3-141-592 closed 1 year ago

sg3-141-592 commented 1 year ago

Division by zero possible with ranges

The oss-fuzz croniter project integration originally found an out-of-range exception with this string:

"""0 r(1-0)
r
*
0"""

This issue is around the r(1-0) section.

Some other reproductions of the issue:

0 r(1-0) * * * *
H(30-29) H * * *

You can force a modulo zero in croniter.py:894 by setting range_end to 1 less than range_begin:

crc = binascii.crc32(hash_id) & 0xFFFFFFFF
return ((crc >> idx) % (range_end - range_begin + 1)) + range_begin

This doesn't have an effect when there's a division, e.g. H(30-29)/2 H * * * works fine.

The library doesn't produce valid results when range_end is less than range_begin. Having a look, it seems like the library could raise a Bad Cron Error in the elif m['range_begin'] and m['range_end']: section in expand.

Happy to raise a PR and add a new unit test for this if you think it's the right approach.
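
Added example, not part of the original comment and not code from croniter or from the PR: a standalone sketch of the modulo quoted above next to a variant that rejects a range whose end is below its begin before the modulo runs. The names BadCronError, HASHED_RANGE, expand_checked and outcome, the simplified field pattern and the sample hash id are assumptions made for illustration.

```python
import binascii
import re


class BadCronError(ValueError):
    """Hypothetical stand-in for the library's bad-cron exception."""


# Simplified, constructed pattern for one hashed field with an explicit range,
# e.g. H(30-29) or r(1-0). This sketch hashes in both cases so results are
# deterministic; it does not model the rest of the cron grammar.
HASHED_RANGE = re.compile(r"^[Hr]\((?P<range_begin>\d+)-(?P<range_end>\d+)\)$")


def hashed_value(hash_id, idx, range_begin, range_end):
    """The two lines quoted in the issue, unchanged."""
    crc = binascii.crc32(hash_id) & 0xFFFFFFFF
    return ((crc >> idx) % (range_end - range_begin + 1)) + range_begin


def expand_checked(field, hash_id, idx=0):
    """Validate the range first, then evaluate the same expression."""
    m = HASHED_RANGE.match(field)
    if m is None:
        raise BadCronError("not a hashed range field: %r" % field)
    begin, end = int(m["range_begin"]), int(m["range_end"])
    if end < begin:
        # end == begin - 1 makes the modulus exactly zero.
        raise BadCronError("range end %d is below range begin %d" % (end, begin))
    return hashed_value(hash_id, idx, begin, end)


def outcome(fn, *args):
    """Return fn's value, or the name of the exception it raised."""
    try:
        return fn(*args)
    except (ZeroDivisionError, BadCronError) as exc:
        return type(exc).__name__


if __name__ == "__main__":
    sample_id = b"constructed-id"  # constructed sample input
    print("unchecked 30-29:", outcome(hashed_value, sample_id, 0, 30, 29))
    for field in ("H(30-29)", "r(1-0)", "H(0-29)"):
        print("checked", field, "->", outcome(expand_checked, field, sample_id))
```
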

kiorky commented 1 year ago

PRs are always welcome :+1:

sg3-141-592 commented 1 year ago

Great, I've just created PR #39 with proposed additional validation logic for this edge case and a new test case for it.

kiorky commented 1 year ago

Solved by the PR.