httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Jason A. Dour" <...@bcc.louisville.edu>
Subject Re: [BUG]: "programming error in suexec.c" on Irix (fwd)
Date Tue, 28 Jan 1997 12:46:19 GMT
-----BEGIN PGP SIGNED MESSAGE-----

Acked.  I've put it on our suEXEC TODO...  I'll make time soon to look at
this.

Jason


On Tue, 28 Jan 1997, Rob Hartill wrote:

> Date: Tue, 28 Jan 1997 11:17:58 +0000 (GMT)
> From: Rob Hartill <robh@imdb.com>
> Reply-To: new-httpd@hyperreal.com
> To: Apache Group <new-httpd@hyperreal.com>
> Subject: [BUG]: "programming error in suexec.c" on Irix (fwd)
> 
> 
> not acked
> 
> ---------- Forwarded message ----------
> Date: Sun Jan 26 23:36:08 1997
> From: robert@easynet.de
> To: apache-bugs%apache.org@organic.com
> Subject: [BUG]: "programming error in suexec.c" on Irix
> 
> Submitter: robert@easynet.de
> Operating system: Irix, version: 
> Version of Apache Used: 1.2b6
> Extra Modules used: 
> URL exhibiting problem: 
> 
> Symptoms:
> --
> While some problems are fixed with suexec, two more
> severe programming errors are introduced.
> - clean_env() sets some value in environ to 
>   pathbuf and exit. But pathbuf will no longer be
>   valid after clean_env() is terminated! A solution
>   would be to declare it "static char pathbuf[512]".
> - By setting more than 256 environment variables, 
>   it's possible to corrupt the memory allocated
>   for cleanenv in clean_env().
>   Solution: 
>   Change
>     for (ep = environ; *ep; ep++) {
>   to
>     for (ep = environ; *ep && cidx < CLEAN_ENV_BUF; ep++) {
> 
> --
> 
> Backtrace:
> --
> 
> --
> 
> 

# Jason A. Dour <jad@bcc.louisville.edu>                            1101
# Programmer Analyst II; Department of Radiation Oncology; Univ. of Lou.
# Finger for URLs, PGP public key, geek code, PJ Harvey info, et cetera.

-----BEGIN PGP SIGNATURE-----
Version: 2.6.2

iQCVAwUBMu31Hpo1JaC71RLxAQFVrQP/Vaj/Q0+t1wwhBQqMr604oEitXrc2QNhI
e/795mwr/4c6Q3J+YRqu4fVlYunX6ywF8u/ZRHy3XW+S3Adkvgo+A/JgBDNpOTx5
pFbz9r981ZfK19wv/7c0Qh9e7CX29/McYsxM9gcpzmJE/SbS6YjpP5fJ3E9dwHxv
qH2oupWCxec=
=8gUv
-----END PGP SIGNATURE-----


Mime
View raw message