diff -up mod_auth_shadow-2.2/mod_auth_shadow.c.CVE-2010-1151 mod_auth_shadow-2.2/mod_auth_shadow.c

--- mod_auth_shadow-2.2/mod_auth_shadow.c.CVE-2010-1151	2007-04-02 17:38:27.000000000 +0200

+++ mod_auth_shadow-2.2/mod_auth_shadow.c	2010-04-09 14:26:05.949633122 +0200

@@ -144,6 +144,7 @@ static int auth_shadow_authorize(const c

     int filedes[2];  /* fd's for pipe.  Read from 0, write to 1*/

     char validate_prog[255];

     int ret, status;

+    int cpid;

     FILE* fp;

     if (strlen(INSTBINDIR) > 240) {

@@ -192,6 +193,9 @@ static int auth_shadow_authorize(const c

     /* Parent */

+    /* Save child pid - we must only accept answers from it */

+    cpid = ret;

+

     /* We write to the pipe, then wait for the child to finish. */

     fp = fdopen(filedes[1],"w");

     if (!fp) {

@@ -209,12 +213,17 @@ static int auth_shadow_authorize(const c

         return(-1);

     }

-    ret = wait(&status);

-    if (ret==0 || ret==-1) {

+    ret = waitpid(cpid, &status, 0);

+    if (ret==-1) {

         ap_log_error(APLOG_MARK, APLOG_EMERG, errno, r->server,

         "%s: Error while waiting for child: %d.",module_name, errno);

         return(-1);

     }

+    if (ret==0 || ret!=cpid) {

+        ap_log_error(APLOG_MARK, APLOG_EMERG, errno, r->server,

+        "%s: Failure waiting for child (none or wrong child returned): %d.",module_name, ret);

+        return(-1);

+    }

     if (status==0)

         return 1;  /* Correct pw */

@@ -307,7 +316,7 @@ static int user_in_group (char *user, co

     }

     ap_log_error(APLOG_MARK, APLOG_DEBUG, 0, NULL,

-       "%s: Looking in group file for %d: got user: %s", module_name, 

+       "%s: Looking in group file for %s: got user: %s", module_name, 

 		groupname, user);

     // Get group information from group file using re-entrant