From: Jeff Trawick Date: Wed, 22 Jun 2005 20:54:28 +0000 (+0000) Subject: mod_cgid: Fix buffer overflow processing ScriptSock directive. X-Git-Tag: 2.1.6~15 X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=badfb79c6792bbd5989d105cd7e10ed53990e3c7;p=apache mod_cgid: Fix buffer overflow processing ScriptSock directive. Submitted by: Steve Kemp Reviewed/tweaked by: trawick git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@192995 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 104ba6b6d7..1bd701c957 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,9 @@ Changes with Apache 2.1.6 [Remove entries to the current 2.0 section below, when backported] + *) mod_cgid: Fix buffer overflow processing ScriptSock directive. + [Steve Kemp ] + Changes with Apache 2.1.5 *) SECURITY: diff --git a/modules/generators/mod_cgid.c b/modules/generators/mod_cgid.c index 997445972a..0437f884ca 100644 --- a/modules/generators/mod_cgid.c +++ b/modules/generators/mod_cgid.c @@ -597,7 +597,7 @@ static int cgid_server(void *data) memset(&unix_addr, 0, sizeof(unix_addr)); unix_addr.sun_family = AF_UNIX; - strcpy(unix_addr.sun_path, sockname); + apr_cpystrn(unix_addr.sun_path, sockname, sizeof unix_addr.sun_path); omask = umask(0077); /* so that only Apache can use socket */ rc = bind(sd, (struct sockaddr *)&unix_addr, sizeof(unix_addr)); @@ -1112,7 +1112,7 @@ static int connect_to_daemon(int *sdptr, request_rec *r, memset(&unix_addr, 0, sizeof(unix_addr)); unix_addr.sun_family = AF_UNIX; - strcpy(unix_addr.sun_path, sockname); + apr_cpystrn(unix_addr.sun_path, sockname, sizeof unix_addr.sun_path); connect_tries = 0; sliding_timer = 100000; /* 100 milliseconds */