From nobody@hyperreal.com Sat Jan 4 12:07:18 1997 Received: by taz.hyperreal.com (8.8.3/V2.0) id MAA27842; Sat, 4 Jan 1997 12:07:18 -0800 (PST) Message-Id: <199701042007.MAA27842@taz.hyperreal.com> Date: Sat, 4 Jan 1997 12:07:18 -0800 (PST) From: Robert Kiessling Reply-To: robert@easynet.de To: apbugs@hyperreal.com Subject: suexec still problems with string handling X-Send-Pr-Version: 3.2 >Number: 83 >Category: other >Synopsis: suexec still problems with string handling >Confidential: no >Severity: critical >Priority: medium >Responsible: apache >State: closed >Class: sw-bug >Submitter-Id: apache >Arrival-Date: Sat Jan 4 12:10:01 1997 >Last-Modified: Fri Jan 24 07:48:27 PST 1997 >Originator: robert@easynet.de >Organization: >Release: 1.2b4 >Environment: IRIX 6.2, IRIX C compiler >Description: Hi, I just submitted a bug report including the string handling in suexec. Well, this has changed in 1.2b4, but is still bugous. The strings dwd and cwd are freeded although they are not pointers which have been allocated by malloc, but simple auto variables! This results in "undefined behaviour", which may mean crash. It's absolutely illegal to call free() with a variable if that kind. >How-To-Repeat: >Fix: simply delete all occurences of free() in suexec. >Audit-Trail: State-Changed-From-To: open-closed State-Changed-By: marc State-Changed-When: Fri Jan 24 07:48:27 PST 1997 State-Changed-Why: Fixed in version 1.9 of suexec.c, which will be included in 1.2b5 when released. >Unformatted: