https://bz.apache.org/bugzilla/show_bug.cgi?id=33207

--- Comment #4 from Roland Illig <[email protected]> ---
Sorry, my bad, I didn't look closely enough.

The issue with atoi is still there. That function should never be used in any
code. Not even when you know that the string only consists of digits, since
there is still the possibility of overflow. Undefined behavior. ;)

The sprintf call may still overflow the buffer.

The "unable to log" refers to the "exec failed" at the very bottom of the file.
At that point, the log files have been closed (see closelog and fclose further
above), and since the process has changed ownership by then, it will not be
able to write to the suexec log file. Luckily this is only in very specific
circumstances (file not executable even though it has the executable bit set),
so it would probably not happen too often. Still the code should be solid here.

All other items from the original report have been fixed in the meantime.

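An added example, not part of the original comment or of the suexec source: one way to replace the atoi and sprintf calls the comment criticises, using range-checked parsing and a truncation-checked formatter. The helper names parse_id and format_checked and the sample inputs are assumptions made for illustration.

```c
#include <errno.h>
#include <limits.h>
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>

/* Parse a decimal ID (e.g. a uid or gid argument) without atoi().
 * Returns 0 and stores the value on success, -1 on malformed or
 * out-of-range input. parse_id is a hypothetical helper name. */
int parse_id(const char *s, unsigned long max, unsigned long *out)
{
    char *end;
    unsigned long v;

    /* strtoul accepts leading whitespace and a sign; reject both by
     * requiring the first character to be a digit. */
    if (s == NULL || s[0] < '0' || s[0] > '9')
        return -1;
    errno = 0;
    v = strtoul(s, &end, 10);
    if (errno == ERANGE || *end != '\0' || v > max)
        return -1;
    *out = v;
    return 0;
}

/* Format into a fixed buffer and report truncation instead of writing
 * past the end as an unbounded sprintf() would. Returns 0 or -1. */
int format_checked(char *buf, size_t size, const char *fmt, ...)
{
    va_list ap;
    int n;

    va_start(ap, fmt);
    n = vsnprintf(buf, size, fmt, ap);
    va_end(ap);
    return (n < 0 || (size_t)n >= size) ? -1 : 0;
}

int main(void)
{
    /* Constructed inputs: a valid ID, an overflowing one, trailing junk. */
    const char *samples[] = { "1000", "99999999999999999999999", "33x" };
    unsigned long id;

    for (size_t i = 0; i < 3; i++)
        printf("%-24s -> %s\n", samples[i],
               parse_id(samples[i], UINT_MAX, &id) == 0 ? "ok" : "rejected");
    return 0;
}
```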