From a42c37fd05933d8b588b031072dc7637aebccb14 Mon Sep 17 00:00:00 2001 From: "Roy T. Fielding" Date: Tue, 13 May 2008 02:21:33 +0000 Subject: [PATCH] When group is given as a numeric gid, validate it by looking up the actual group name such that the name can be used in log entries. PR: 7862 Submitted by: , Leif W git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@655711 13f79535-47bb-0310-9956-ffa450edef68 --- CHANGES | 4 ++++ support/suexec.c | 10 ++++++---- 2 files changed, 10 insertions(+), 4 deletions(-) diff --git a/CHANGES b/CHANGES index 27cd3f16e0..faf4cedf96 100644 --- a/CHANGES +++ b/CHANGES @@ -2,6 +2,10 @@ Changes with Apache 2.3.0 [ When backported to 2.2.x, remove entry from this file ] + *) suexec: When group is given as a numeric gid, validate it by looking up + the actual group name such that the name can be used in log entries. + PR 7862 [, Leif W ] + *) ab: Improve client performance by clearing connection pool instead of destroying it. PR 40054 [Brad Roberts ] diff --git a/support/suexec.c b/support/suexec.c index 1037a06c6e..59371be0bb 100644 --- a/support/suexec.c +++ b/support/suexec.c @@ -395,13 +395,15 @@ int main(int argc, char *argv[]) log_err("invalid target group name: (%s)\n", target_gname); exit(106); } - gid = gr->gr_gid; - actual_gname = strdup(gr->gr_name); } else { - gid = atoi(target_gname); - actual_gname = strdup(target_gname); + if ((gr = getgrgid(atoi(target_gname))) == NULL) { + log_err("invalid target group id: (%s)\n", target_gname); + exit(106); + } } + gid = gr->gr_gid; + actual_gname = strdup(gr->gr_name); #ifdef _OSD_POSIX /* -- 2.40.0