httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Randy Terbush <ra...@zyzzyva.com>
Subject [PATCH] Re: mod_cgi/453: Segmentation fault in util_script.c:call_exe()
Date Wed, 23 Apr 1997 17:06:55 GMT
I would suggest that we apply the patch that the reporter of this 
bug supplied. It seems to address the issues of the problem. The 
suggestion Marc made of using group id numbers would IMO force more 
code changes than any of us want to deal with at this time.


*** src/util_script.c~orig	Tue Mar 18 04:46:27 1997
--- src/util_script.c	Thu Apr 10 20:59:18 1997
***************
*** 436,441 ****
--- 436,442 ----
      core_dir_config *conf;
      struct passwd *pw;
      struct group *gr;
+     char *grpname;
      
      conf = (core_dir_config *)get_module_config(r->per_dir_config, &core_module);
  
***************
*** 551,557 ****
  		return;
  	    }
              r->uri -= 2;
!             gr = getgrgid (pw->pw_gid);
              execuser = (char *) palloc (r->pool, (sizeof(pw->pw_name) + 1));
              execuser = pstrcat (r->pool, "~", pw->pw_name, NULL);
          }
--- 552,565 ----
  		return;
  	    }
              r->uri -= 2;
!             if ((gr = getgrgid (pw->pw_gid)) == NULL) {
! 		if ((grpname = palloc (r->pool, 16)) == NULL) 
! 		    return;
! 		else
! 		    ap_snprintf(grpname, sizeof(grpname), "%d\0", pw->pw_gid);
! 	    }
! 	    else
! 		grpname = gr->gr_name;
              execuser = (char *) palloc (r->pool, (sizeof(pw->pw_name) + 1));
              execuser = pstrcat (r->pool, "~", pw->pw_name, NULL);
          }
***************
*** 569,582 ****
          }
    
    	if (shellcmd)
! 	    execle(SUEXEC_BIN, SUEXEC_BIN, execuser, gr->gr_name, argv0, NULL, env);
  
    	else if((!r->args) || (!r->args[0]) || (ind(r->args,'=') >= 0))
! 	    execle(SUEXEC_BIN, SUEXEC_BIN, execuser, gr->gr_name, argv0, NULL, env);
  
    	else {
  	    execve(SUEXEC_BIN,
! 		   create_argv(r, SUEXEC_BIN, execuser, gr->gr_name, argv0, r->args, (void *)NULL),
  		   env);
  	}
      }
--- 577,590 ----
          }
    
    	if (shellcmd)
! 	    execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);
  
    	else if((!r->args) || (!r->args[0]) || (ind(r->args,'=') >= 0))
! 	    execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0, NULL, env);
  
    	else {
  	    execve(SUEXEC_BIN,
! 		   create_argv(r, SUEXEC_BIN, execuser, grpname, argv0, r->args, (void *)NULL),
  		   env);
  	}
      }
*** support/suexec.c~orig	Mon Apr  7 13:48:39 1997
--- support/suexec.c	Thu Apr 10 21:58:45 1997
***************
*** 294,311 ****
      /*
       * Error out if the target group name is invalid.
       */
!     if ((gr = getgrnam(target_gname)) == NULL) {
! 	log_err("invalid target group name: (%s)\n", target_gname);
! 	exit(106);
      }
  
      /*
       * Save these for later since initgroups will hose the struct
       */
      uid = pw->pw_uid;
-     gid = gr->gr_gid;
      actual_uname = strdup(pw->pw_name);
-     actual_gname = strdup(gr->gr_name);
      target_homedir = strdup(pw->pw_dir);
  
      /*
--- 294,317 ----
      /*
       * Error out if the target group name is invalid.
       */
!     if (strspn(target_gname, "1234567890") != strlen(target_gname)) {
! 	if ((gr = getgrnam(target_gname)) == NULL) {
! 	    log_err("invalid target group name: (%s)\n", target_gname);
! 	    exit(106);
! 	}
! 	gid = gr->gr_gid;
! 	actual_gname = strdup(gr->gr_name);
      }
+     else {
+ 	gid = atoi(target_gname);
+ 	actual_gname = strdup(target_gname);
+     }
  
      /*
       * Save these for later since initgroups will hose the struct
       */
      uid = pw->pw_uid;
      actual_uname = strdup(pw->pw_name);
      target_homedir = strdup(pw->pw_dir);
  
      /*




Mime
View raw message