httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From field...@apache.org
Subject svn commit: r655711 - in /httpd/httpd/trunk: CHANGES support/suexec.c
Date Tue, 13 May 2008 02:21:34 GMT
Author: fielding
Date: Mon May 12 19:21:33 2008
New Revision: 655711

URL: http://svn.apache.org/viewvc?rev=655711&view=rev
Log:
When group is given as a numeric gid, validate it by looking up the
actual group name such that the name can be used in log entries.

PR: 7862
Submitted by: <y-koga apache.or.jp>, Leif W <warp-9.9 usa.net>

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/support/suexec.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=655711&r1=655710&r2=655711&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon May 12 19:21:33 2008
@@ -2,6 +2,10 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
+  *) suexec: When group is given as a numeric gid, validate it by looking up
+     the actual group name such that the name can be used in log entries.
+     PR 7862 [<y-koga apache.or.jp>, Leif W <warp-9.9 usa.net>]
+
   *) ab: Improve client performance by clearing connection pool instead
      of destroying it. PR 40054 [Brad Roberts <braddr puremagic.com>]
 

Modified: httpd/httpd/trunk/support/suexec.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/suexec.c?rev=655711&r1=655710&r2=655711&view=diff
==============================================================================
--- httpd/httpd/trunk/support/suexec.c (original)
+++ httpd/httpd/trunk/support/suexec.c Mon May 12 19:21:33 2008
@@ -395,13 +395,15 @@
             log_err("invalid target group name: (%s)\n", target_gname);
             exit(106);
         }
-        gid = gr->gr_gid;
-        actual_gname = strdup(gr->gr_name);
     }
     else {
-        gid = atoi(target_gname);
-        actual_gname = strdup(target_gname);
+        if ((gr = getgrgid(atoi(target_gname))) == NULL) {
+            log_err("invalid target group id: (%s)\n", target_gname);
+            exit(106);
+        }
     }
+    gid = gr->gr_gid;
+    actual_gname = strdup(gr->gr_name);
 
 #ifdef _OSD_POSIX
     /*



Mime
View raw message