From owner-freebsd-ports Tue Feb 6 15: 0:23 2001 Delivered-To: freebsd-ports@hub.freebsd.org Received: from freefall.freebsd.org (freefall.freebsd.org [216.136.204.21]) by hub.freebsd.org (Postfix) with ESMTP id 42F7437B491 for ; Tue, 6 Feb 2001 15:00:03 -0800 (PST) Received: (from gnats@localhost) by freefall.freebsd.org (8.11.1/8.11.1) id f16N03C02983; Tue, 6 Feb 2001 15:00:03 -0800 (PST) (envelope-from gnats) Received: from xena.gsicomp.on.ca (cr677933-a.ktchnr1.on.wave.home.com [24.43.230.149]) by hub.freebsd.org (Postfix) with ESMTP id DACBC37B69C for ; Tue, 6 Feb 2001 14:54:49 -0800 (PST) Received: from gabby.gsicomp.on.ca (root@gabby.gsicomp.on.ca [192.168.0.2]) by xena.gsicomp.on.ca (8.11.1/8.9.3) with ESMTP id f16Mr3i36380; Tue, 6 Feb 2001 17:53:04 -0500 (EST) (envelope-from root@gabby.gsicomp.on.ca) Received: (from root@localhost) by gabby.gsicomp.on.ca (8.11.1/8.9.3) id f16MpWn71174; Tue, 6 Feb 2001 17:51:32 -0500 (EST) (envelope-from root) Message-Id: <200102062251.f16MpWn71174@gabby.gsicomp.on.ca> Date: Tue, 6 Feb 2001 17:51:32 -0500 (EST) From: matt@gsicomp.on.ca Reply-To: matt@gsicomp.on.ca To: FreeBSD-gnats-submit@freebsd.org, hetzels@westbend.net X-Send-Pr-Version: 3.2 Subject: ports/24912: www/apache13-fp has buggy mod_frontpage.c Sender: owner-freebsd-ports@FreeBSD.ORG Precedence: bulk X-Loop: FreeBSD.org >Number: 24912 >Category: ports >Synopsis: mod_frontpage.c has a bogus sprintf() line which causes httpd to SIGSEGV >Confidential: no >Severity: serious >Priority: medium >Responsible: freebsd-ports >State: open >Quarter: >Keywords: >Date-Required: >Class: change-request >Submitter-Id: current-users >Arrival-Date: Tue Feb 06 15:00:01 PST 2001 >Closed-Date: >Last-Modified: >Originator: Matt Emmerton >Release: FreeBSD 4.2-STABLE i386 >Organization: GSI Computer Services >Environment: FreeBSD gabby.gsicomp.on.ca 4.2-STABLE FreeBSD 4.2-STABLE #0: Sat Jan 27 01:45:56 EST 2001 >Description: Line 637 of mod_frontpage.c has a sprintf() statement which has three format modifiers (%-.0124s, %d, %d) but only provides TWO variables which causes sprintf() to segfault. The format modifier '%-.0124s' is also obviously incorrect, and should be '%-.1024s' instead. >How-To-Repeat: make install ; apachectl start_FP; try to connect using FP2K client Make sure that the permissions and ownership of your webroot are *different* than that of webroot/_vti_pvt >Fix: --- files/mod_frontpage.c.orig Tue Feb 6 16:49:05 2001 +++ files/mod_frontpage.c Tue Feb 6 16:49:28 2001 @@ -634,7 +634,7 @@ * the owners and groups of both directories to match, and have both a * uid and gid in the allowable range. */ - sprintf(szFormat, "Incorrect permissions on webroot \"\%-.0124s\" and webroot's _vti_pvt directory, the owners and groups must match and have a uid >= %d and gid >= %d", LOWEST_VALID_UID, LOWEST_VALID_GID); + sprintf(szFormat, "Incorrect permissions on webroot \"\%-.1024s\" and webroot's _vti_pvt directory, the owners and groups must match and have a uid >= %d and gid >= %d", szBuf, LOWEST_VALID_UID, LOWEST_VALID_GID); LogFrontPageError(r->server, szFormat, szBuf, "FrontPageAlias()", FALSE); >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-ports" in the body of the message