httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject Re: Guess what? suEXEC problems in 1.2b4...
Date Fri, 03 Jan 1997 16:51:52 GMT
Yes, I caught those as well.


> Randy Terbush had previously stated:
> > > Jake Buchholz had previously stated:
> > > > Tracked it down, here's the code snipped from suexec.c:
> > > > 
> > > >     doclen = strlen(dwd);
> > > > /* above succeeded */
> > > >     if (strncmp(cwd, dwd, doclen) != 0) {
> > > >         free(dwd);
> > > > /* never gets to this point... */
> > > >         log_err("command not in docroot (%s/%s)\n", cwd, cmd);
> > > >         exit(109);
> > > >     }
> > > >     else
> > > >         free(dwd);
> > > > /* never gets to this point either... */
> > > > 
> > > > taking a look at how dwd is defined in suexec.c...
> > > > 
> > > >     char dwd[MAXPATHLEN];   /* docroot working directory */
> > > > 
> > > > Are you sure you want to free(dwd); anywhere in suexec.c?
> > > 
> > > BTW, getting rid of those free(dwd);'s did the trick...
> > 
> > You are correct, these need to go away. I just discovered that
> > FreeBSD-2.2 has a dangerously forgiving malloc and friends. It
> > happily plowed through these areas that will probably be a SEGV
> > on any other UNIX.
> > 
> > I'll check in some changes.
> 
> You might already have noticed this, but right after the code where there were
> free(dwd)'s, there's some free(cwd)'s that could possibly cause the same
> problems...  I commented out those free()'s also.
> 
> -- 
> Jake Buchholz                                      http://www.execpc.com/~jake
> Exec-PC Internet Systems Administrator                         jake@execpc.com




Mime
View raw message