|
|
c8e7f6d |
diff -up mod_auth_shadow-2.2/mod_auth_shadow.c.CVE-2010-1151 mod_auth_shadow-2.2/mod_auth_shadow.c
|
|
|
c8e7f6d |
--- mod_auth_shadow-2.2/mod_auth_shadow.c.CVE-2010-1151 2007-04-02 17:38:27.000000000 +0200
|
|
|
c8e7f6d |
+++ mod_auth_shadow-2.2/mod_auth_shadow.c 2010-04-09 14:26:05.949633122 +0200
|
|
|
c8e7f6d |
@@ -144,6 +144,7 @@ static int auth_shadow_authorize(const c
|
|
|
c8e7f6d |
int filedes[2]; /* fd's for pipe. Read from 0, write to 1*/
|
|
|
c8e7f6d |
char validate_prog[255];
|
|
|
c8e7f6d |
int ret, status;
|
|
|
c8e7f6d |
+ int cpid;
|
|
|
c8e7f6d |
FILE* fp;
|
|
|
c8e7f6d |
|
|
|
c8e7f6d |
if (strlen(INSTBINDIR) > 240) {
|
|
|
c8e7f6d |
@@ -192,6 +193,9 @@ static int auth_shadow_authorize(const c
|
|
|
c8e7f6d |
|
|
|
c8e7f6d |
/* Parent */
|
|
|
c8e7f6d |
|
|
|
c8e7f6d |
+ /* Save child pid - we must only accept answers from it */
|
|
|
c8e7f6d |
+ cpid = ret;
|
|
|
c8e7f6d |
+
|
|
|
c8e7f6d |
/* We write to the pipe, then wait for the child to finish. */
|
|
|
c8e7f6d |
fp = fdopen(filedes[1],"w");
|
|
|
c8e7f6d |
if (!fp) {
|
|
|
c8e7f6d |
@@ -209,12 +213,17 @@ static int auth_shadow_authorize(const c
|
|
|
c8e7f6d |
return(-1);
|
|
|
c8e7f6d |
}
|
|
|
c8e7f6d |
|
|
|
c8e7f6d |
- ret = wait(&status);
|
|
|
c8e7f6d |
- if (ret==0 || ret==-1) {
|
|
|
c8e7f6d |
+ ret = waitpid(cpid, &status, 0);
|
|
|
c8e7f6d |
+ if (ret==-1) {
|
|
|
c8e7f6d |
ap_log_error(APLOG_MARK, APLOG_EMERG, errno, r->server,
|
|
|
c8e7f6d |
"%s: Error while waiting for child: %d.",module_name, errno);
|
|
|
c8e7f6d |
return(-1);
|
|
|
c8e7f6d |
}
|
|
|
c8e7f6d |
+ if (ret==0 || ret!=cpid) {
|
|
|
c8e7f6d |
+ ap_log_error(APLOG_MARK, APLOG_EMERG, errno, r->server,
|
|
|
c8e7f6d |
+ "%s: Failure waiting for child (none or wrong child returned): %d.",module_name, ret);
|
|
|
c8e7f6d |
+ return(-1);
|
|
|
c8e7f6d |
+ }
|
|
|
c8e7f6d |
|
|
|
c8e7f6d |
if (status==0)
|
|
|
c8e7f6d |
return 1; /* Correct pw */
|
|
|
c8e7f6d |
@@ -307,7 +316,7 @@ static int user_in_group (char *user, co
|
|
|
c8e7f6d |
}
|
|
|
c8e7f6d |
|
|
|
c8e7f6d |
ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL,
|
|
|
c8e7f6d |
- "%s: Looking in group file for %d: got user: %s", module_name,
|
|
|
c8e7f6d |
+ "%s: Looking in group file for %s: got user: %s", module_name,
|
|
|
c8e7f6d |
groupname, user);
|
|
|
c8e7f6d |
|
|
|
c8e7f6d |
// Get group information from group file using re-entrant
|