aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorStefan Bühler <stbuehler@web.de>2009-04-11 13:25:56 +0000
committerStefan Bühler <stbuehler@web.de>2009-04-11 13:25:56 +0000
commitf3ea7f34be83dd2dcaeab6f7bb6feb8dc43f4d02 (patch)
tree54dd5f5141208690808475867b67ceb8cd1af3a3
parent2d155d6ce3773431e57e37b433f54576cb13ea88 (diff)
downloadspawn-fcgi-f3ea7f34be83dd2dcaeab6f7bb6feb8dc43f4d02.tar.gz
spawn-fcgi-f3ea7f34be83dd2dcaeab6f7bb6feb8dc43f4d02.zip
Fix problems with usernames starting with a digit and not existing uids; add warning if only user privs are dropped. (fixes #1959)
git-svn-id: svn://svn.lighttpd.net/spawn-fcgi/trunk@42 4a9f3682-ca7b-49a8-9a55-ba4640e46f83
-rw-r--r--NEWS1
-rw-r--r--src/spawn-fcgi.c23
2 files changed, 18 insertions, 6 deletions
diff --git a/NEWS b/NEWS
index 2ec82d6..479c348 100644
--- a/NEWS
+++ b/NEWS
@@ -6,6 +6,7 @@ NEWS
- 1.6.2 -
* Add homepage to README
* Add IPv6 support
+ * Fix problems with usernames starting with a digit and not existing uids; add warning if only user privs are dropped. (fixes #1959)
- 1.6.1 - 2009-03-29
diff --git a/src/spawn-fcgi.c b/src/spawn-fcgi.c
index cf999af..772a923 100644
--- a/src/spawn-fcgi.c
+++ b/src/spawn-fcgi.c
@@ -339,13 +339,14 @@ static int find_user_group(const char *user, const char *group, uid_t *uid, gid_
gid_t my_gid = 0;
struct passwd *my_pwd = NULL;
struct group *my_grp = NULL;
+ char *endptr = NULL;
*uid = 0; *gid = 0;
if (username) *username = NULL;
if (user) {
- my_uid = strtol(user, NULL, 10);
+ my_uid = strtol(user, &endptr, 10);
- if (my_uid <= 0) {
+ if (my_uid <= 0 || *endptr) {
if (NULL == (my_pwd = getpwnam(user))) {
fprintf(stderr, "spawn-fcgi: can't find user name %s\n", user);
return -1;
@@ -360,14 +361,14 @@ static int find_user_group(const char *user, const char *group, uid_t *uid, gid_
if (username) *username = user;
} else {
my_pwd = getpwuid(my_uid);
- if (username) *username = my_pwd->pw_name;
+ if (username && my_pwd) *username = my_pwd->pw_name;
}
}
if (group) {
- my_gid = strtol(group, NULL, 10);
+ my_gid = strtol(group, &endptr, 10);
- if (my_gid <= 0) {
+ if (my_gid <= 0 || *endptr) {
if (NULL == (my_grp = getgrnam(group))) {
fprintf(stderr, "spawn-fcgi: can't find group name %s\n", group);
return -1;
@@ -439,6 +440,7 @@ int main(int argc, char **argv) {
*sockusername = NULL, *sockgroupname = NULL, *fcgi_dir = NULL,
*addr = NULL;
char **fcgi_app_argv = { NULL };
+ char *endptr = NULL;
unsigned short port = 0;
int sockmode = -1;
int child_count = -1;
@@ -462,7 +464,12 @@ int main(int argc, char **argv) {
case 'f': fcgi_app = optarg; break;
case 'd': fcgi_dir = optarg; break;
case 'a': addr = optarg;/* ip addr */ break;
- case 'p': port = strtol(optarg, NULL, 10);/* port */ break;
+ case 'p': port = strtol(optarg, &endptr, 10);/* port */
+ if (*endptr) {
+ fprintf(stderr, "spawn-fcgi: invalid port: %u\n", (unsigned int) port);
+ return -1;
+ }
+ break;
case 'C': child_count = strtol(optarg, NULL, 10);/* */ break;
case 'F': fork_count = strtol(optarg, NULL, 10);/* */ break;
case 's': unixsocket = optarg; /* unix-domain socket */ break;
@@ -557,6 +564,10 @@ int main(int argc, char **argv) {
if (-1 == find_user_group(sockusername, sockgroupname, &sockuid, &sockgid, NULL))
return -1;
+ if (uid != 0 && gid == 0) {
+ fprintf(stderr, "spawn-fcgi: WARNING: couldn't find the user for uid %i and no group was specified, so only the user privileges will be dropped\n", (int) uid);
+ }
+
if (0 == sockuid) sockuid = uid;
if (0 == sockgid) sockgid = gid;