httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Roy T. Fielding" <field...@kiwi.ICS.UCI.EDU>
Subject [PATCH] Fix suexec goofing in util_script.c
Date Fri, 25 Apr 1997 02:10:28 GMT
Crikey.  Please hold on 1.2b9 until this can be tested and applied.

....Roy

Index: util_script.c
===================================================================
RCS file: /export/home/cvs/apache/src/util_script.c,v
retrieving revision 1.49
diff -c -r1.49 util_script.c
*** util_script.c	1997/04/24 23:25:09	1.49
--- util_script.c	1997/04/25 02:03:25
***************
*** 432,444 ****
  
  void call_exec (request_rec *r, char *argv0, char **env, int shellcmd) 
  {
!     char *execuser;
!     core_dir_config *conf;
!     struct passwd *pw;
!     struct group *gr;
!     char *grpname;
!     
!     conf = (core_dir_config *)get_module_config(r->per_dir_config, &core_module);
  
      /* the fd on r->server->error_log is closed, but we need somewhere to
       * put the error messages from the log_* functions. So, we use stderr,
--- 432,439 ----
  
  void call_exec (request_rec *r, char *argv0, char **env, int shellcmd) 
  {
!     core_dir_config *conf =
!       (core_dir_config *)get_module_config(r->per_dir_config, &core_module);
  
      /* the fd on r->server->error_log is closed, but we need somewhere to
       * put the error messages from the log_* functions. So, we use stderr,
***************
*** 545,579 ****
  	  (r->server->server_gid != group_id) ||
  	  (!strncmp("/~",r->uri,2))) ) {
  
          if (!strncmp("/~",r->uri,2)) {
!             r->uri += 2;
!             if ((pw = getpwnam (getword_nc (r->pool, &r->uri, '/'))) == NULL)
{
! 		log_unixerr("getpwnam", NULL, "invalid username", r->server);
  		return;
  	    }
!             r->uri -= 2;
              if ((gr = getgrgid (pw->pw_gid)) == NULL) {
  		if ((grpname = palloc (r->pool, 16)) == NULL) 
  		    return;
  		else
! 		    ap_snprintf(grpname, sizeof(grpname), "%d\0", pw->pw_gid);
  	    }
  	    else
  		grpname = gr->gr_name;
-             execuser = (char *) palloc (r->pool, (sizeof(pw->pw_name) + 1));
-             execuser = pstrcat (r->pool, "~", pw->pw_name, NULL);
          }
  	else {
  	    if ((pw = getpwuid (r->server->server_uid)) == NULL) {
  		log_unixerr("getpwuid", NULL, "invalid userid", r->server);
  		return;
  	    }
              if ((gr = getgrgid (r->server->server_gid)) == NULL) {
  		log_unixerr("getgrgid", NULL, "invalid groupid", r->server);
  		return;
  	    }
!             execuser = (char *) palloc (r->pool, sizeof(pw->pw_name));
!             execuser = pw->pw_name;
          }
    
    	if (shellcmd)
--- 540,582 ----
  	  (r->server->server_gid != group_id) ||
  	  (!strncmp("/~",r->uri,2))) ) {
  
+         char *execuser, *grpname;
+         struct passwd *pw;
+         struct group *gr;
+ 
          if (!strncmp("/~",r->uri,2)) {
!             char *username = pstrdup(r->pool, r->uri + 2);
!             int pos = ind(username, '/');
! 
!             if (pos >= 0) username[pos] = '\0';
! 
!             if ((pw = getpwnam(username)) == NULL) {
! 		log_unixerr("getpwnam",username,"invalid username",r->server);
  		return;
  	    }
!             execuser = pstrcat(r->pool, "~", pw->pw_name, NULL);
! 
              if ((gr = getgrgid (pw->pw_gid)) == NULL) {
  		if ((grpname = palloc (r->pool, 16)) == NULL) 
  		    return;
  		else
! 		    ap_snprintf(grpname, 16, "%d", pw->pw_gid);
  	    }
  	    else
  		grpname = gr->gr_name;
          }
  	else {
  	    if ((pw = getpwuid (r->server->server_uid)) == NULL) {
  		log_unixerr("getpwuid", NULL, "invalid userid", r->server);
  		return;
  	    }
+             execuser = pstrdup(r->pool, pw->pw_name);
+ 
              if ((gr = getgrgid (r->server->server_gid)) == NULL) {
  		log_unixerr("getgrgid", NULL, "invalid groupid", r->server);
  		return;
  	    }
!             grpname = gr->gr_name;
          }
    
    	if (shellcmd)

Mime
View raw message