Backport r655711

When group is given as a numeric gid, validate it by looking up the
actual group name such that the name can be used in log entries.

PR: 7862
Submitted by: <y-koga apache.or.jp>, Leif W <warp-9.9 usa.net>
Reviewed by: fielding, jim, rpluem

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@660756 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 5c724d0d378eb7fbe69acdb2d67c8528b7b47e7c..012561ab22ac62c045c1174c173400d440fbbf03 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.9
 
+  *) suexec: When group is given as a numeric gid, validate it by looking up
+     the actual group name such that the name can be used in log entries.
+     PR 7862 [<y-koga apache.or.jp>, Leif W <warp-9.9 usa.net>]
+
   *) Fix garbled TRACE response on EBCDIC platforms.
      [David Jones <oscaremma gmail.com>]
 

diff --git a/support/suexec.c b/support/suexec.c
index 1037a06c6eaf4f986a4ccc2553cf8650f799ae0d..59371be0bb8099317730c698ffc4269ddbe91497 100644 (file)
--- a/support/suexec.c
+++ b/support/suexec.c
@@ -395,13 +395,15 @@ int main(int argc, char *argv[])
             log_err("invalid target group name: (%s)\n", target_gname);
             exit(106);
         }
-        gid = gr->gr_gid;
-        actual_gname = strdup(gr->gr_name);
     }
     else {
-        gid = atoi(target_gname);
-        actual_gname = strdup(target_gname);
+        if ((gr = getgrgid(atoi(target_gname))) == NULL) {
+            log_err("invalid target group id: (%s)\n", target_gname);
+            exit(106);
+        }
     }
+    gid = gr->gr_gid;
+    actual_gname = strdup(gr->gr_name);
 
 #ifdef _OSD_POSIX
     /*