php.net |  support |  documentation |  report a bug |  advanced search |  search howto |  statistics |  random bug |  login

go to bug id or search bugs for

Bug #68812 Unchecked return value
Submitted: 2015-01-12 15:48 UTC Modified: 2015-06-09 22:39 UTC
From: bugreports at internot dot info Assigned: gwang (profile)
Status: Closed Package: Other web server
PHP Version: master-Git-2015-01-12 (Git) OS: Linux Ubuntu 14.04
Private report: No CVE-ID: None
View Developer Edit
Welcome back! If you're the original bug submitter, here's where you can edit the bug or add additional notes.
If you forgot your password, you can retrieve your password here.
Password:
Status:
Package:
Bug Type:
Summary:
From: bugreports at internot dot info
New email:
PHP Version: OS:

 

 [2015-01-12 15:48 UTC] bugreports at internot dot info 
Description:
------------
Hi,

In /sapi/litespeed/lsapilib.c:


3114        pw = getpwnam( "nobody" );


is not checked against NULL, as it is everywhere else.

This may cause a null pointer dereference.

Patches

Pull Requests

History

AllCommentsChangesGit/SVN commitsRelated reports
 [2015-06-08 18:27 UTC] cmb@php.net
-Package: *General Issues +Package: Other web server -Assigned To: +Assigned To: gwang
 [2015-06-08 18:27 UTC] cmb@php.net 
George, can you please have a look at this issue?
 [2015-06-08 19:52 UTC] gwang@php.net 
Fix has been committed. You can apply following patch 

diff --git a/sapi/litespeed/lsapilib.c b/sapi/litespeed/lsapilib.c
index baf0db3..a109909 100644
@@ -3131,10 +3131,20 @@ static int lsapi_initSuEXEC()
     if ( !s_defaultUid || !s_defaultGid )
     {
         pw = getpwnam( "nobody" );
-        if ( !s_defaultUid )
-            s_defaultUid = pw->pw_uid;
-        if ( !s_defaultGid )
-            s_defaultGid = pw->pw_gid;
+        if ( pw )
+        {
+            if ( !s_defaultUid )
+                s_defaultUid = pw->pw_uid;
+            if ( !s_defaultGid )
+                s_defaultGid = pw->pw_gid;
+        }
+        else
+        {
+            if ( !s_defaultUid )
+                s_defaultUid = 10000;
+            if ( !s_defaultGid )
+                s_defaultGid = 10000;
+        }
     }
     return 0;
 }
 [2015-06-09 12:02 UTC] cmb@php.net
-Status: Assigned +Status: Closed
 [2015-06-09 12:02 UTC] cmb@php.net 
The fix for this bug has been committed.

Thank you for the report, and for helping us make PHP better.
 [2015-06-09 22:39 UTC] stas@php.net 
Please talk to me next time when (or even better, before) committing patches to 5.4. Otherwise they may be missed when upmerging and packaging the release.
 
PHP Copyright © 2001-2024 The PHP Group
All rights reserved. 		Last updated: Thu Nov 28 10:01:29 2024 UTC