The contract type is `' with a response time of 3 business hours.
A first analysis should be sent before: Tue Apr 22 11:00:00 PDT 1997
>Number: 453
>Category: mod_cgi
>Synopsis: Segmentation fault in util_script.c:call_exe()
>Confidential: no
>Severity: critical
>Priority: medium
>Responsible: apache (Apache HTTP Project)
>State: open
>Class: sw-bug
>Submitter-Id: apache
>Arrival-Date: Tue Apr 22 06:50:00 1997
>Originator: [EMAIL PROTECTED]
>Organization:
apache
>Release: 1.2B8
>Environment:
Digital UNIX 4.0B using stock C compiler, but OS version doesn't matter for this
bug.
>Description:
I reported this problem two weeks ago via [EMAIL PROTECTED] and never heard
back and it doesn't appear in the bugs database. I'm resubmitting it with the
form to be sure it wasn't lost since I doubt 1.2 should be released with a
segmentation fault problem.
call_exe() grabs the group for passing to suexec with:
gr = getgrgid (pw->pw_gid);
And then uses gr->gr_name without ever checking to make sure gr isn't NULL.
At our site (and many other sites I have seen), users have a unique GID as well
as a unique UID and therefore there isn't a /etc/group entry for pw->pw_gid.
This causes a segmentation fault and core dump on every CGI call.
Additionally, for sites like mine, call_exe() should pass suexec a group number
instead of name if a group name doesn't exist. suexec should accept a group
number instead of name as an argument. The patches in the "Do you have any
suggested way to fix it?" section include a fix for the segmentation fault as
well as the fix for using the gid if the group doesn't have a name.
>How-To-Repeat:
Create a password entry with a pw->pw_gid that doesn't exist in /etc/group.
>Fix:
These patches fix the problems outlined above. They are gzipped and uuencoded to
protect spacing, etc, which would be lost by a cut and paste into the web form.
>Audit-Trail:
>Unformatted: