Skip site navigation (1)Skip section navigation (2) 
Date:      Tue, 6 Feb 2001 17:51:32 -0500 (EST)
From:      matt@gsicomp.on.ca
To:        FreeBSD-gnats-submit@freebsd.org, hetzels@westbend.net
Subject:   ports/24912: www/apache13-fp has buggy mod_frontpage.c
Message-ID:  <200102062251.f16MpWn71174@gabby.gsicomp.on.ca>
next in thread | raw e-mail | index | archive | help 

>Number:         24912
>Category:       ports
>Synopsis:       mod_frontpage.c has a bogus sprintf() line which causes httpd to SIGSEGV
>Confidential:   no
>Severity:       serious
>Priority:       medium
>Responsible:    freebsd-ports
>State:          open
>Quarter:        
>Keywords:       
>Date-Required:
>Class:          change-request
>Submitter-Id:   current-users
>Arrival-Date:   Tue Feb 06 15:00:01 PST 2001
>Closed-Date:
>Last-Modified:
>Originator:     Matt Emmerton
>Release:        FreeBSD 4.2-STABLE i386
>Organization:
GSI Computer Services
>Environment:

FreeBSD gabby.gsicomp.on.ca 4.2-STABLE FreeBSD 4.2-STABLE #0: Sat Jan 27 01:45:56 EST 2001

>Description:

	Line 637 of mod_frontpage.c has a sprintf() statement which has three
	format modifiers (%-.0124s, %d, %d) but only provides TWO variables
	which causes sprintf() to segfault.

	The format modifier '%-.0124s' is also obviously incorrect, and 
	should be '%-.1024s' instead.
 
>How-To-Repeat:

	make install ; apachectl start_FP; try to connect using FP2K client
	Make sure that the permissions and ownership of your webroot are 
	*different* than that of webroot/_vti_pvt

>Fix:

--- files/mod_frontpage.c.orig	Tue Feb  6 16:49:05 2001
+++ files/mod_frontpage.c	Tue Feb  6 16:49:28 2001
@@ -634,7 +634,7 @@
          * the owners and groups of both directories to match, and have both a
          * uid and gid in the allowable range.
          */
-        sprintf(szFormat, "Incorrect permissions on webroot \"\%-.0124s\" and webroot's _vti_pvt directory, the owners and groups must match and have a uid >= %d and gid >= %d", LOWEST_VALID_UID, LOWEST_VALID_GID);
+        sprintf(szFormat, "Incorrect permissions on webroot \"\%-.1024s\" and webroot's _vti_pvt directory, the owners and groups must match and have a uid >= %d and gid >= %d", szBuf, LOWEST_VALID_UID, LOWEST_VALID_GID);
 
         LogFrontPageError(r->server, szFormat,
                           szBuf, "FrontPageAlias()", FALSE);

>Release-Note:
>Audit-Trail:
>Unformatted:


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-ports" in the body of the message

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200102062251.f16MpWn71174>