Received: by taz.hyperreal.com (8.8.3/V2.0) id PAA09332; Tue, 31 Dec 1996 15:18:58 -0800 (PST)
Received: from sierra.zyzzyva.com by taz.hyperreal.com (8.8.3/V2.0) with ESMTP id PAA09317; Tue, 31 Dec 1996 15:18:52 -0800 (PST)
Received: from sierra (localhost [127.0.0.1]) by sierra.zyzzyva.com (8.8.4/8.8.2) with ESMTP id RAA00831 for ; Tue, 31 Dec 1996 17:18:22 -0600 (CST)
Message-Id: <199612312318.RAA00831@sierra.zyzzyva.com>
To: new-httpd@hyperreal.com
Subject: Re: Guess what? suEXEC problems in 1.2b4...
In-reply-to: jake's message of Tue, 31 Dec 1996 17:03:06 -0600. <199612312303.RAA26459@earth.execpc.com>
X-uri: http://www.zyzzyva.com/
Mime-Version: 1.0
Content-Type: text/plain; charset=us-ascii
Date: Tue, 31 Dec 1996 17:18:22 -0600
From: Randy Terbush
Sender: new-httpd-owner@apache.org
Precedence: bulk
Reply-To: new-httpd@hyperreal.com

> Jake Buchholz had previously stated:
> > Tracked it down, here's the code snipped from suexec.c:
> >
> >     doclen = strlen(dwd);
> >     /* above succeeded */
> >     if (strncmp(cwd, dwd, doclen) != 0) {
> >         free(dwd);
> >         /* never gets to this point... */
> >         log_err("command not in docroot (%s/%s)\n", cwd, cmd);
> >         exit(109);
> >     }
> >     else
> >         free(dwd);
> >     /* never gets to this point either... */
> >
> > taking a look at how dwd is defined in suexec.c...
> >
> >     char dwd[MAXPATHLEN]; /* docroot working directory */
> >
> > Are you sure you want to free(dwd); anywhere in suexec.c?
>
> BTW, getting rid of those free(dwd);'s did the trick...

You are correct, these need to go away. I just discovered that
FreeBSD-2.2 has a dangerously forgiving malloc and friends. It
happily plowed through these areas that will probably be a SEGV
on any other UNIX.

I'll check in some changes.
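
The rule behind the fix discussed above, as an added example that is not part of the original message or the Apache source: a buffer with automatic storage is never passed to free(), while a heap buffer is released exactly once on a single exit path. The function names, `PATH_BUF`, and the sample paths are hypothetical; the docroot is copied into `dwd` here instead of being read from the working directory so the example runs offline.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define PATH_BUF 1024          /* stand-in for MAXPATHLEN (assumption) */
#define ERR_NOT_IN_DOCROOT 109 /* exit code used in the quoted snippet */

/* Variant 1: dwd has automatic storage, as in the quoted declaration.
 * Nothing here came from malloc(), so nothing may be passed to free(). */
int check_docroot_stack(const char *docroot, const char *cwd)
{
    char dwd[PATH_BUF]; /* docroot working directory */
    size_t doclen;

    if (strlen(docroot) >= sizeof(dwd))
        return -1; /* refuse rather than truncate the path */
    strcpy(dwd, docroot);

    doclen = strlen(dwd);
    if (strncmp(cwd, dwd, doclen) != 0)
        return ERR_NOT_IN_DOCROOT;
    return 0;
}

/* Variant 2: dwd is heap-allocated, so exactly one free() is required.
 * A single exit path keeps the release from being missed or repeated. */
int check_docroot_heap(const char *docroot, const char *cwd)
{
    size_t doclen = strlen(docroot);
    char *dwd = malloc(doclen + 1);
    int rc;

    if (dwd == NULL)
        return -1;
    memcpy(dwd, docroot, doclen + 1);

    rc = (strncmp(cwd, dwd, doclen) != 0) ? ERR_NOT_IN_DOCROOT : 0;
    free(dwd);
    return rc;
}

int main(void)
{
    /* Constructed sample paths. */
    printf("%d\n", check_docroot_stack("/usr/local/www", "/usr/local/www/cgi-bin"));
    printf("%d\n", check_docroot_heap("/usr/local/www", "/tmp"));
    return 0;
}
```

Building with a memory checker such as AddressSanitizer (`-fsanitize=address`) reports a free() of a non-heap pointer at the call site, instead of depending on how forgiving the platform allocator is.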