httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Jake Buchholz <j...@execpc.com>
Subject Re: Guess what? suEXEC problems in 1.2b4...
Date Fri, 03 Jan 1997 16:38:30 GMT
Randy Terbush had previously stated:
> > Jake Buchholz had previously stated:
> > > Tracked it down, here's the code snipped from suexec.c:
> > > 
> > >     doclen = strlen(dwd);
> > > /* above succeeded */
> > >     if (strncmp(cwd, dwd, doclen) != 0) {
> > >         free(dwd);
> > > /* never gets to this point... */
> > >         log_err("command not in docroot (%s/%s)\n", cwd, cmd);
> > >         exit(109);
> > >     }
> > >     else
> > >         free(dwd);
> > > /* never gets to this point either... */
> > > 
> > > taking a look at how dwd is defined in suexec.c...
> > > 
> > >     char dwd[MAXPATHLEN];   /* docroot working directory */
> > > 
> > > Are you sure you want to free(dwd); anywhere in suexec.c?
> > 
> > BTW, getting rid of those free(dwd);'s did the trick...
> 
> You are correct, these need to go away. I just discovered that
> FreeBSD-2.2 has a dangerously forgiving malloc and friends. It
> happily plowed through these areas that will probably be a SEGV
> on any other UNIX.
> 
> I'll check in some changes.

You might already have noticed this, but right after the code where there were
free(dwd)'s, there's some free(cwd)'s that could possibly cause the same
problems...  I commented out those free()'s also.

-- 
Jake Buchholz                                      http://www.execpc.com/~jake
Exec-PC Internet Systems Administrator                         jake@execpc.com

Mime
View raw message