httpd-cvs mailing list archives

From Dean Gaudet <dgau...@hyperreal.com>
Subject cvs commit: apache/support suexec.c
Date Thu, 24 Apr 1997 23:28:47 GMT
dgaudet     97/04/24 16:28:46

  Modified:    src       CHANGES
               support   suexec.c
  Log:
  Allow suexec to exec files referenced relatively outside current directory.
  
  Submitted by:	Ken Coar
  Reviewed by:	Dean, Roy
  
  Revision  Changes    Path
  1.247     +4 -0      apache/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /export/home/cvs/apache/src/CHANGES,v
  retrieving revision 1.246
  retrieving revision 1.247
  diff -C3 -r1.246 -r1.247
  *** CHANGES	1997/04/24 23:25:08	1.246
  --- CHANGES	1997/04/24 23:28:44	1.247
  ***************
  *** 1,5 ****
  --- 1,9 ----
    Changes with Apache 1.2
    
  +   *) Allow suexec to access files relative to current directory but not
  +      above.  (Excluding leading / or any .. directory.)  [Ken Coar]
  +      PR#269, 319, 395
  + 
      *) Fix suexec segfault when group doesn't exist. [Gregory Neil Shapiro]
         PR#367, 368, 354, 453
    
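Review bot: the wording "Excluding leading / or any .. directory" in the new CHANGES entry promises more than the accompanying suexec.c change enforces, which rejects only a command that begins with "/" or "../" or contains "/../". A bare ".." or a trailing "/.." component is not rejected by that test (exec of a directory fails on its own, so the practical effect is the same), and the check is purely lexical. Suggest stating the rule as it is implemented, e.g. "Reject commands that begin with / or ../ or contain /../", so the changelog and the code agree.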
  
  
  
  1.22      +8 -3      apache/support/suexec.c
  
  Index: suexec.c
  ===================================================================
  RCS file: /export/home/cvs/apache/support/suexec.c,v
  retrieving revision 1.21
  retrieving revision 1.22
  diff -C3 -r1.21 -r1.22
  *** suexec.c	1997/04/24 23:25:11	1.21
  --- suexec.c	1997/04/24 23:28:46	1.22
  ***************
  *** 264,274 ****
        }
        
        /*
  !      * Check for a '/' in the command to be executed,
  !      * to protect against attacks.  If a '/' is
         * found, error out.  Naughty naughty crackers.
         */
  !     if ((strchr(cmd, '/')) != NULL ) {
    	log_err("invalid command (%s)\n", cmd);
    	exit(104);
        }
  --- 264,279 ----
        }
        
        /*
  !      * Check for a leading '/' (absolute path) in the command to be executed,
  !      * or attempts to back up out of the current directory,
  !      * to protect against attacks.  If any are
         * found, error out.  Naughty naughty crackers.
         */
  !     if (
  ! 	    (cmd[0] == '/') ||
  ! 	    (! strncmp (cmd, "../", 3)) ||
  ! 	    (strstr (cmd, "/../") != NULL)
  !        ) {
    	log_err("invalid command (%s)\n", cmd);
    	exit(104);
        }
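Review bot: the new condition is a lexical test only, so the comment "attempts to back up out of the current directory" should say exactly what is rejected: a leading "/", a leading "../", or an embedded "/../". A command of ".." or one ending in "/.." passes this test, which is harmless only because execv() of a directory fails later; noting that in the comment saves the next reader from assuming the check is complete. Style: `(! strncmp (cmd, "../", 3))` departs from the file's own `strchr(cmd, '/')` spacing and reads as a double negative; `strncmp(cmd, "../", 3) == 0` with the same brace-and-indent layout as the surrounding code would be clearer, and the three tests could be split into separate `if` blocks each with its own log_err() text so the log shows which rule fired.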
  
  
  