mod_cgid: Fix buffer overflow processing ScriptSock directive.

Submitted by:        Steve Kemp <steve steve.org.uk>
Reviewed/tweaked by: trawick

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@192995 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 104ba6b6d75b6a2cc62d4020405f4dbc7e2e7ff3..1bd701c9578718eebaf5c0724fe0af901eee9fd9 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
 Changes with Apache 2.1.6
   [Remove entries to the current 2.0 section below, when backported]
 
+  *) mod_cgid: Fix buffer overflow processing ScriptSock directive.
+     [Steve Kemp <steve steve.org.uk>]
+
 Changes with Apache 2.1.5
 
   *) SECURITY: 

diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c
index 997445972a2432cd26a88cc6bfc234386680c63f..0437f884ca3961a2fa2faef356b7b92cd29557c5 100644 (file)
--- a/modules/generators/mod_cgid.c
+++ b/modules/generators/mod_cgid.c
@@ -597,7 +597,7 @@ static int cgid_server(void *data)
 
     memset(&unix_addr, 0, sizeof(unix_addr));
     unix_addr.sun_family = AF_UNIX;
-    strcpy(unix_addr.sun_path, sockname);
+    apr_cpystrn(unix_addr.sun_path, sockname, sizeof unix_addr.sun_path);
 
     omask = umask(0077); /* so that only Apache can use socket */
     rc = bind(sd, (struct sockaddr *)&unix_addr, sizeof(unix_addr));
@@ -1112,7 +1112,7 @@ static int connect_to_daemon(int *sdptr, request_rec *r,
 
     memset(&unix_addr, 0, sizeof(unix_addr));
     unix_addr.sun_family = AF_UNIX;
-    strcpy(unix_addr.sun_path, sockname);
+    apr_cpystrn(unix_addr.sun_path, sockname, sizeof unix_addr.sun_path);
 
     connect_tries = 0;
     sliding_timer = 100000; /* 100 milliseconds */