When group is given as a numeric gid, validate it by looking up the

actual group name such that the name can be used in log entries.

PR: 7862
Submitted by: <y-koga apache.or.jp>, Leif W <warp-9.9 usa.net>

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@655711 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 27cd3f16e061f540de6415f6cfafd8e87ee6f555..faf4cedf96a25041344910fae0d744a9d2506338 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@
 Changes with Apache 2.3.0
 [ When backported to 2.2.x, remove entry from this file ]
 
+  *) suexec: When group is given as a numeric gid, validate it by looking up
+     the actual group name such that the name can be used in log entries.
+     PR 7862 [<y-koga apache.or.jp>, Leif W <warp-9.9 usa.net>]
+
   *) ab: Improve client performance by clearing connection pool instead
      of destroying it. PR 40054 [Brad Roberts <braddr puremagic.com>]
 

diff --git a/support/suexec.c b/support/suexec.c
index 1037a06c6eaf4f986a4ccc2553cf8650f799ae0d..59371be0bb8099317730c698ffc4269ddbe91497 100644 (file)
--- a/support/suexec.c
+++ b/support/suexec.c
@@ -395,13 +395,15 @@ int main(int argc, char *argv[])
             log_err("invalid target group name: (%s)\n", target_gname);
             exit(106);
         }
-        gid = gr->gr_gid;
-        actual_gname = strdup(gr->gr_name);
     }
     else {
-        gid = atoi(target_gname);
-        actual_gname = strdup(target_gname);
+        if ((gr = getgrgid(atoi(target_gname))) == NULL) {
+            log_err("invalid target group id: (%s)\n", target_gname);
+            exit(106);
+        }
     }
+    gid = gr->gr_gid;
+    actual_gname = strdup(gr->gr_name);
 
 #ifdef _OSD_POSIX
     /*