The contract type is `' with a response time of 3 business hours.
        A first analysis should be sent before: Fri Apr 11 17:00:01 PDT 1997


>Number:         367
>Category:       general
>Synopsis:       PR# 354 Update
>Confidential:   no
>Severity:       critical
>Priority:       medium
>Responsible:    apache (Apache HTTP Project)
>State:          open
>Class:          sw-bug
>Submitter-Id:   apache
>Arrival-Date:   Fri Apr 11 13:40:01 1997
>Originator:     [EMAIL PROTECTED]
>Organization:
apache
>Release:        1.2b8
>Environment:
General problem, regardless of compiler and os
>Description:
I researched further the problem I reported with PR# 354. Here are my findings.

When executing a script with suexec, apache calls getgrgid without
checking whether the returned group pointer is null.  This will cause
apache to dump core on the subsequent execle if the user's default
group isn't in /etc/group. The fix is below.

Obviously, this is suboptimal, but as long as suexec insists on taking
group names on the command line, it'll have to do. I wonder why suexec
requires user and group names instead of just uids and gids?
>How-To-Repeat:

>Fix:
*** util_script.c.orig  Tue Mar 18 04:46:27 1997
--- util_script.c       Fri Apr 11 16:09:10 1997
***************
*** 551,557 ****
                return;
            }
              r->uri -= 2;
!             gr = getgrgid (pw->pw_gid);
              execuser = (char *) palloc (r->pool, (sizeof(pw->pw_name) + 1));
              execuser = pstrcat (r->pool, "~", pw->pw_name, NULL);
          }
--- 551,560 ----
                return;
            }
              r->uri -= 2;
!             if ((gr = getgrgid (pw->pw_gid)) == NULL) {
!               log_unixerr("getgrgid", NULL, "invalid groupid", pw->pw_gid);
!               return;
!           }
              execuser = (char *) palloc (r->pool, (sizeof(pw->pw_name) + 1));
              execuser = pstrcat (r->pool, "~", pw->pw_name, NULL);
          }
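Review bot: In the added log_unixerr call, the fourth argument is pw->pw_gid, a numeric group id; as far as I know log_unixerr takes the server record in that position, so please check the prototype and pass r->server if so. If that is right, the gid currently appears nowhere in the log line, so put it in the message text or the file argument (which is NULL here) so an admin can see which group is missing from /etc/group. getgrgid is also not required to set errno when there is simply no entry, so the error text log_unixerr appends may be stale; clear errno before the call or use a logging call that does not print it. Minor style point: the closing brace of the new if block is indented less than the if it closes.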
>Audit-Trail:
>Unformatted:
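The failure mode described in this report, a group id with no entry in the group database, handled in a stand-alone helper. This is an added example, not part of the original report or of Apache's code; the names `gid_to_name` and `grp_status` and the probe gid are hypothetical.

```c
#include <errno.h>
#include <grp.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

enum grp_status { GRP_OK = 0, GRP_NOT_FOUND, GRP_ERROR };

/* Resolve gid to a group name without dereferencing a NULL struct group.
 * On GRP_OK, name holds a private copy of the group name; on any other
 * status name is "" and the caller should log and refuse to exec. */
enum grp_status gid_to_name(gid_t gid, char *name, size_t namelen)
{
    struct group *gr;

    if (name == NULL || namelen == 0)
        return GRP_ERROR;
    name[0] = '\0';

    errno = 0;              /* so a stale errno is not mistaken for a failure */
    gr = getgrgid(gid);
    if (gr == NULL) {
        /* The case from the report: no entry for this gid.  POSIX leaves
         * errno unchanged here; some libcs set ENOENT or ESRCH instead.
         * Any other errno value is a real lookup failure. */
        if (errno == 0 || errno == ENOENT || errno == ESRCH)
            return GRP_NOT_FOUND;
        return GRP_ERROR;
    }
    if (gr->gr_name == NULL || strlen(gr->gr_name) >= namelen)
        return GRP_ERROR;   /* never hand on a truncated group name */

    /* gr points at static storage that the next getgr* call overwrites,
     * so copy the name out before returning. */
    memcpy(name, gr->gr_name, strlen(gr->gr_name) + 1);
    return GRP_OK;
}

int main(void)
{
    char name[64];
    gid_t probe = (gid_t)2147480000UL;  /* constructed: assumed to have no entry */
    enum grp_status st = gid_to_name(probe, name, sizeof name);

    printf("gid %lu: status=%d name=\"%s\"\n", (unsigned long)probe, (int)st, name);
    return 0;
}
```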

