Add CHANGES' security entries for 2.4.27.

[apache] / support / suexec.c

diff --git a/support/suexec.c b/support/suexec.c
index e4c4ecb4bf3f6a726a4f08bbecadfb5ce737ce9e..0b2491e28b394985edb6e3db98598f044b985472 100644 (file)
--- a/support/suexec.c
+++ b/support/suexec.c
@@ -81,8 +81,11 @@ static const char *const safe_env_lst[] =
     "AUTH_TYPE=",
     "CONTENT_LENGTH=",
     "CONTENT_TYPE=",
+    "CONTEXT_DOCUMENT_ROOT=",
+    "CONTEXT_PREFIX=",
     "DATE_GMT=",
     "DATE_LOCAL=",
+    "DOCUMENT_ARGS=",
     "DOCUMENT_NAME=",
     "DOCUMENT_PATH_INFO=",
     "DOCUMENT_ROOT=",
@@ -99,13 +102,16 @@ static const char *const safe_env_lst[] =
     "REMOTE_IDENT=",
     "REMOTE_PORT=",
     "REMOTE_USER=",
+    "REDIRECT_ERROR_NOTES=",
     "REDIRECT_HANDLER=",
     "REDIRECT_QUERY_STRING=",
     "REDIRECT_REMOTE_USER=",
+    "REDIRECT_SCRIPT_FILENAME=",
     "REDIRECT_STATUS=",
     "REDIRECT_URL=",
     "REQUEST_METHOD=",
     "REQUEST_URI=",
+    "REQUEST_SCHEME=",
     "SCRIPT_FILENAME=",
     "SCRIPT_NAME=",
     "SCRIPT_URI=",
@@ -123,6 +129,12 @@ static const char *const safe_env_lst[] =
     NULL
 };
 
+static void log_err(const char *fmt,...) 
+    __attribute__((format(printf,1,2)));
+static void log_no_err(const char *fmt,...)  
+    __attribute__((format(printf,1,2)));
+static void err_output(int is_error, const char *fmt, va_list ap) 
+    __attribute__((format(printf,2,0)));
 
 static void err_output(int is_error, const char *fmt, va_list ap)
 {
@@ -131,7 +143,11 @@ static void err_output(int is_error, const char *fmt, va_list ap)
     struct tm *lt;
 
     if (!log) {
+#if defined(_LARGEFILE64_SOURCE) && HAVE_FOPEN64
+        if ((log = fopen64(AP_LOG_EXEC, "a")) == NULL) {
+#else
         if ((log = fopen(AP_LOG_EXEC, "a")) == NULL) {
+#endif
             fprintf(stderr, "suexec failure: could not open log file\n");
             perror("fopen");
             exit(1);
@@ -202,11 +218,15 @@ static void clean_env(void)
 
     if ((cleanenv = (char **) calloc(AP_ENVBUF, sizeof(char *))) == NULL) {
         log_err("failed to malloc memory for environment\n");
-        exit(120);
+        exit(123);
     }
 
     sprintf(pathbuf, "PATH=%s", AP_SAFE_PATH);
     cleanenv[cidx] = strdup(pathbuf);
+    if (cleanenv[cidx] == NULL) {
+        log_err("failed to malloc memory for environment\n");
+        exit(124);
+    }
     cidx++;
 
     for (ep = envp; *ep && cidx < AP_ENVBUF-1; ep++) {
@@ -235,7 +255,6 @@ int main(int argc, char *argv[])
     char *target_homedir;   /* target home directory     */
     char *actual_uname;     /* actual user name          */
     char *actual_gname;     /* actual group name         */
-    char *prog;             /* name of this program      */
     char *cmd;              /* command to be executed    */
     char cwd[AP_MAXPATH];   /* current working directory */
     char dwd[AP_MAXPATH];   /* docroot working directory */
@@ -249,14 +268,13 @@ int main(int argc, char *argv[])
      */
     clean_env();
 
-    prog = argv[0];
     /*
      * Check existence/validity of the UID of the user
      * running this program.  Error out if invalid.
      */
     uid = getuid();
     if ((pw = getpwuid(uid)) == NULL) {
-        log_err("crit: invalid uid: (%ld)\n", uid);
+        log_err("crit: invalid uid: (%lu)\n", (unsigned long)uid);
         exit(102);
     }
     /*
@@ -383,7 +401,10 @@ int main(int argc, char *argv[])
         }
     }
     gid = gr->gr_gid;
-    actual_gname = strdup(gr->gr_name);
+    if ((actual_gname = strdup(gr->gr_name)) == NULL) {
+        log_err("failed to alloc memory\n");
+        exit(125);
+    }
 
 #ifdef _OSD_POSIX
     /*
@@ -418,6 +439,10 @@ int main(int argc, char *argv[])
     uid = pw->pw_uid;
     actual_uname = strdup(pw->pw_name);
     target_homedir = strdup(pw->pw_dir);
+    if (actual_uname == NULL || target_homedir == NULL) {
+        log_err("failed to alloc memory\n");
+        exit(126);
+    }
 
     /*
      * Log the transaction here to be sure we have an open log
@@ -433,7 +458,7 @@ int main(int argc, char *argv[])
      * a UID less than AP_UID_MIN.  Tsk tsk.
      */
     if ((uid == 0) || (uid < AP_UID_MIN)) {
-        log_err("cannot run as forbidden uid (%d/%s)\n", uid, cmd);
+        log_err("cannot run as forbidden uid (%lu/%s)\n", (unsigned long)uid, cmd);
         exit(107);
     }
 
@@ -442,7 +467,7 @@ int main(int argc, char *argv[])
      * or as a GID less than AP_GID_MIN.  Tsk tsk.
      */
     if ((gid == 0) || (gid < AP_GID_MIN)) {
-        log_err("cannot run as forbidden gid (%d/%s)\n", gid, cmd);
+        log_err("cannot run as forbidden gid (%lu/%s)\n", (unsigned long)gid, cmd);
         exit(108);
     }
 
@@ -453,7 +478,7 @@ int main(int argc, char *argv[])
      * and setgid() to the target group. If unsuccessful, error out.
      */
     if (((setgid(gid)) != 0) || (initgroups(actual_uname, gid) != 0)) {
-        log_err("failed to setgid (%ld: %s)\n", gid, cmd);
+        log_err("failed to setgid (%lu: %s)\n", (unsigned long)gid, cmd);
         exit(109);
     }
 
@@ -461,7 +486,7 @@ int main(int argc, char *argv[])
      * setuid() to the target user.  Error out on fail.
      */
     if ((setuid(uid)) != 0) {
-        log_err("failed to setuid (%ld: %s)\n", uid, cmd);
+        log_err("failed to setuid (%lu: %s)\n", (unsigned long)uid, cmd);
         exit(110);
     }
 
@@ -549,11 +574,11 @@ int main(int argc, char *argv[])
         (gid != dir_info.st_gid) ||
         (uid != prg_info.st_uid) ||
         (gid != prg_info.st_gid)) {
-        log_err("target uid/gid (%ld/%ld) mismatch "
-                "with directory (%ld/%ld) or program (%ld/%ld)\n",
-                uid, gid,
-                dir_info.st_uid, dir_info.st_gid,
-                prg_info.st_uid, prg_info.st_gid);
+        log_err("target uid/gid (%lu/%lu) mismatch "
+                "with directory (%lu/%lu) or program (%lu/%lu)\n",
+                (unsigned long)uid, (unsigned long)gid,
+                (unsigned long)dir_info.st_uid, (unsigned long)dir_info.st_gid,
+                (unsigned long)prg_info.st_uid, (unsigned long)prg_info.st_gid);
         exit(120);
     }
     /*