From: Roy T. Fielding <fielding@apache.org>
Date: Tue, 27 May 2008 23:10:47 +0000 (+0000)
Subject: Backport r655711
X-Git-Tag: 2.2.9~95
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5c8567b85ed0db87ffc0ccc391d707fa09f3e3f1;p=thirdparty%2Fapache%2Fhttpd.git

Backport r655711

When group is given as a numeric gid, validate it by looking up the
actual group name such that the name can be used in log entries.

PR: 7862
Submitted by: <y-koga apache.or.jp>, Leif W <warp-9.9 usa.net>
Reviewed by: fielding, jim, rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@660756 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 5c724d0d378..012561ab22a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.2.9
 
+  *) suexec: When group is given as a numeric gid, validate it by looking up
+     the actual group name such that the name can be used in log entries.
+     PR 7862 [<y-koga apache.or.jp>, Leif W <warp-9.9 usa.net>]
+
   *) Fix garbled TRACE response on EBCDIC platforms.
      [David Jones <oscaremma gmail.com>]
 
diff --git a/support/suexec.c b/support/suexec.c
index 1037a06c6ea..59371be0bb8 100644
--- a/support/suexec.c
+++ b/support/suexec.c
@@ -395,13 +395,15 @@ int main(int argc, char *argv[])
             log_err("invalid target group name: (%s)\n", target_gname);
             exit(106);
         }
-        gid = gr->gr_gid;
-        actual_gname = strdup(gr->gr_name);
     }
     else {
-        gid = atoi(target_gname);
-        actual_gname = strdup(target_gname);
+        if ((gr = getgrgid(atoi(target_gname))) == NULL) {
+            log_err("invalid target group id: (%s)\n", target_gname);
+            exit(106);
+        }
     }
+    gid = gr->gr_gid;
+    actual_gname = strdup(gr->gr_name);
 
 #ifdef _OSD_POSIX
     /*