Bug #68812 Unchecked return value
Submitted: 2015-01-12 15:48 UTC
Modified: 2015-06-09 22:39 UTC
From: bugreports at internot dot info
Assigned: gwang
Status: Closed
Package: Other web server
PHP Version: master-Git-2015-01-12 (Git)
OS: Linux Ubuntu 14.04
Private report: No
CVE-ID: None
 [2015-01-12 15:48 UTC] bugreports at internot dot info
Description:
------------
Hi,

In /sapi/litespeed/lsapilib.c:


3114        pw = getpwnam( "nobody" );


is not checked against NULL, as it is everywhere else.

This may cause a null pointer dereference.
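
The check the report asks for, as an added example (not code from lsapilib.c or the PHP project). `fill_default_ids` is a hypothetical helper that mirrors the `s_defaultUid` / `s_defaultGid` logic; as an assumption of this example it reports an error to the caller when the lookup fails instead of substituting an id.

```c
#include <errno.h>
#include <pwd.h>
#include <stdio.h>
#include <string.h>
#include <sys/types.h>

/* Hypothetical helper, not part of lsapilib.c.
 * Fills *uid / *gid from the named account, but only the ones that are
 * still 0 (unset), mirroring the s_defaultUid / s_defaultGid logic.
 * Returns 0 on success, -1 if the lookup yields no entry; on failure
 * neither output is modified. */
int fill_default_ids(const char *name, uid_t *uid, gid_t *gid)
{
    struct passwd *pw;

    if (*uid && *gid)
        return 0;               /* both already set: nothing to look up */

    errno = 0;                  /* so a stale errno is not reported below */
    pw = getpwnam(name);
    if (pw == NULL) {
        /* NULL covers both "no such account" and a lookup error;
         * either way there is nothing to dereference. */
        fprintf(stderr, "getpwnam(\"%s\") failed: %s\n", name,
                errno ? strerror(errno) : "no such account");
        return -1;
    }
    if (!*uid)
        *uid = pw->pw_uid;
    if (!*gid)
        *gid = pw->pw_gid;
    return 0;
}

int main(void)
{
    uid_t uid = 0;
    gid_t gid = 0;

    /* "nobody" is the account name used in the report. */
    if (fill_default_ids("nobody", &uid, &gid) != 0)
        return 1;               /* fail closed: do not guess an id */
    printf("default uid=%lu gid=%lu\n",
           (unsigned long)uid, (unsigned long)gid);
    return 0;
}
```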


 [2015-06-08 18:27 UTC] cmb@php.net
-Package: *General Issues +Package: Other web server -Assigned To: +Assigned To: gwang
 [2015-06-08 18:27 UTC] cmb@php.net
George, can you please have a look at this issue?
 [2015-06-08 19:52 UTC] gwang@php.net
Fix has been committed. You can apply the following patch:

diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c
index baf0db3..a109909 100644
@@ -3131,10 +3131,20 @@ static int lsapi_initSuEXEC()
     if ( !s_defaultUid || !s_defaultGid )
     {
         pw = getpwnam( "nobody" );
-        if ( !s_defaultUid )
-            s_defaultUid = pw->pw_uid;
-        if ( !s_defaultGid )
-            s_defaultGid = pw->pw_gid;
+        if ( pw )
+        {
+            if ( !s_defaultUid )
+                s_defaultUid = pw->pw_uid;
+            if ( !s_defaultGid )
+                s_defaultGid = pw->pw_gid;
+        }
+        else
+        {
+            if ( !s_defaultUid )
+                s_defaultUid = 10000;
+            if ( !s_defaultGid )
+                s_defaultGid = 10000;
+        }
     }
     return 0;
 }
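
Review bot: the new else branch assigns the hard-coded value 10000 to s_defaultUid and s_defaultGid with no comment and no log message, and lsapi_initSuEXEC() still returns 0, so a failed getpwnam( "nobody" ) lookup is silent. An id of 10000 may be unassigned on one host and belong to a real account on another, so please document why that value was chosen and log the fallback, or return a non-zero value here so the caller can refuse to start suEXEC without a resolvable default account.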
 [2015-06-09 12:02 UTC] cmb@php.net
-Status: Assigned +Status: Closed
 [2015-06-09 12:02 UTC] cmb@php.net
The fix for this bug has been committed.

Thank you for the report, and for helping us make PHP better.
 [2015-06-09 22:39 UTC] stas@php.net
Please talk to me next time when (or even better, before) committing patches to 5.4. Otherwise they may be missed when upmerging and packaging the release.
 