[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[Bug 33207] Results of my suexec.c code audit


--- Comment #4 from Roland Illig <roland.illig@xxxxxx> ---
Sorry, my bad, I didn't look close enough.

The issue with atoi is still there. That function should never be used in any
code. Not even when you know that the string only consists of digits, since
there is still the possibility of overflow. Undefined behavior. ;)

The sprintf call may still overflow the buffer.

The "unable to log" refers to the "exec failed" at the very bottom of the file.
At that point, the log files have been closed (see closelog and fclose further
above), and since the process has changed ownership by then, it will not be
able to write to the suexec log file. Luckily this is only in very specific
circumstances (file not executable even though it has the executable bit set),
so it would probably not happen too often. Still the code should be solid here.

All other items from the original report have been fixed in the meantime.

You are receiving this mail because:
You are the assignee for the bug.
To unsubscribe, e-mail: bugs-unsubscribe@xxxxxxxxxxxxxxxx
For additional commands, e-mail: bugs-help@xxxxxxxxxxxxxxxx