httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: Guess what? suEXEC problems in 1.2b4...
Date Tue, 31 Dec 1996 23:18:22 GMT
> Jake Buchholz had previously stated:
> > Tracked it down, here's the code snipped from suexec.c:
> > 
> >     doclen = strlen(dwd);
> > /* above succeeded */
> >     if (strncmp(cwd, dwd, doclen) != 0) {
> >         free(dwd);
> > /* never gets to this point... */
> >         log_err("command not in docroot (%s/%s)\n", cwd, cmd);
> >         exit(109);
> >     }
> >     else
> >         free(dwd);
> > /* never gets to this point either... */
> > 
> > taking a look at how dwd is defined in suexec.c...
> > 
> >     char dwd[MAXPATHLEN];   /* docroot working directory */
> > 
> > Are you sure you want to free(dwd); anywhere in suexec.c?
> 
> BTW, getting rid of those free(dwd);'s did the trick...

You are correct, these need to go away. I just discovered that
FreeBSD-2.2 has a dangerously forgiving malloc and friends. It
happily plowed through these areas that will probably be a SEGV
on any other UNIX.

I'll check in some changes.




Mime
View raw message