Index: cgi-wrapper.c

29 Apr 1998


      There's a bug in the new version of the cgi-wrapper.c program, which
the following patch fixes, and more.
The bug appears on error reporting, when the invoking process UID or
GID doesn't match the configured setting - then a "%s" in the error
report string causes a segfault when it's mapped onto the
LEGAL_PARENT_UID or _GID.
While the fix is obvious (change the two occurrences of "%s" to "%d"),
the patches do a bit more than that.  They also change the type of the
main() routine to int, since gcc seems to expect that.  (When the type
was void gcc complained about it not being an int, and i figure gcc
knows what it's doing.  I don't, when it comes to C.  (...Caveat
emptor...-))
Ken
Index: cgi-wrapper.c
RCS file: /projects/cvsroot/mailman/src/cgi-wrapper.c,v
retrieving revision 1.1
retrieving revision 1.2
diff -c -r1.1 -r1.2
*** cgi-wrapper.c	1998/04/03 00:12:57	1.1
--- cgi-wrapper.c	1998/04/28 22:36:07	1.2

*** 53,69 ****
/* compare to our parent's uid */
if(LEGAL_PARENT_UID != getuid())
{
! 	err("Attempt to exec cgi %s made by uid %d", LEGAL_PARENT_UID,
getuid());
}
if(LEGAL_PARENT_GID != getgid())
{
! 	err("Attempt to exec cgi %s made by gid %d", LEGAL_PARENT_GID,
getgid());
}
}
! void main(int argc, char **argv, char **env)
{
int   i;
--- 53,69 ----
/* compare to our parent's uid */
if(LEGAL_PARENT_UID != getuid())
{
! 	err("Attempt to exec cgi %d made by uid %d", LEGAL_PARENT_UID,
getuid());
}
if(LEGAL_PARENT_GID != getgid())
{
! 	err("Attempt to exec cgi %d made by gid %d", LEGAL_PARENT_GID,
getgid());
}
}
! int main(int argc, char **argv, char **env)
{
int   i;
Index: mail-wrapper.c
RCS file: /projects/cvsroot/mailman/src/mail-wrapper.c,v
retrieving revision 1.5
retrieving revision 1.6
diff -c -r1.5 -r1.6
*** mail-wrapper.c	1998/03/30 16:28:22	1.5
--- mail-wrapper.c	1998/04/28 22:36:29	1.6

*** 107,113 ****
return 0;
}
! void main(int argc, char **argv) {
char  *command;
int   i;
--- 107,113 ----
return 0;
}
! int main(int argc, char **argv) {
char  *command;
int   i;
Index: alias-wrapper.c
RCS file: /projects/cvsroot/mailman/src/alias-wrapper.c,v
retrieving revision 1.3
retrieving revision 1.5
diff -c -r1.3 -r1.5
*** alias-wrapper.c	1998/03/05 23:46:45	1.3
--- alias-wrapper.c	1998/04/28 22:38:18	1.5

*** 60,66 ****
}
}
! void main(int argc, char **argv, char **env)
{
char  *command;
int   i;
--- 60,66 ----
}
}
! int main(int argc, char **argv, char **env)
{
char  *command;
int   i;

*** 78,83 ****
--- 78,85 ----
else
{
printf("Illegal caller!\n");

  return 1;
}

return 0;
}

wrapper programs bug fix

Ken Manheimer

Index: cgi-wrapper.c

Index: mail-wrapper.c

Index: alias-wrapper.c

tags

participants (1)