Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

segfault with assigned user id on OpenShift #2046

Merged
merged 1 commit into from
Nov 23, 2022
Merged

segfault with assigned user id on OpenShift #2046

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
10 changes: 7 additions & 3 deletions apache2/msc_logging.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -234,16 +234,20 @@ static char *construct_auditlog_filename(apr_pool_t *mp, const char *uniqueid) {
* This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
* It also changes the return statement.
*/
char *username;
char *userinfo;
apr_status_t rc;
apr_uid_t uid;
apr_gid_t gid;
apr_uid_current(&uid, &gid, mp);
apr_uid_name_get(&username, uid, mp);
rc = apr_uid_name_get(&userinfo, uid, mp);
if (rc != APR_SUCCESS) {
userinfo = apr_psprintf(mp, "%u", uid);
}

apr_time_exp_lt(&t, apr_time_now());

apr_strftime(tstr, &len, 299, "/%Y%m%d/%Y%m%d-%H%M/%Y%m%d-%H%M%S", &t);
return apr_psprintf(mp, "/%s%s-%s", username, tstr, uniqueid);
return apr_psprintf(mp, "/%s%s-%s", userinfo, tstr, uniqueid);
}

/**
Expand Down
29 changes: 19 additions & 10 deletions apache2/persist_dbm.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -104,11 +104,14 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec
/**
* This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
*/
char *username;
char *userinfo;
apr_uid_t uid;
apr_gid_t gid;
apr_uid_current(&uid, &gid, msr->mp);
apr_uid_name_get(&username, uid, msr->mp);
rc = apr_uid_name_get(&userinfo, uid, msr->mp);
if (rc != APR_SUCCESS) {
userinfo = apr_psprintf(msr->mp, "%u", uid);
}

if (msr->txcfg->data_dir == NULL) {
msr_log(msr, 1, "collection_retrieve_ex: Unable to retrieve collection (name \"%s\", key \"%s\"). Use "
Expand All @@ -117,7 +120,7 @@ static apr_table_t *collection_retrieve_ex(apr_sdbm_t *existing_dbm, modsec_rec
goto cleanup;
}

dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", col_name, NULL);
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", userinfo, "-", col_name, NULL);

if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "collection_retrieve_ex: collection_retrieve_ex: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, col_name),
Expand Down Expand Up @@ -385,11 +388,14 @@ int collection_store(modsec_rec *msr, apr_table_t *col) {
/**
* This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
*/
char *username;
char *userinfo;
apr_uid_t uid;
apr_gid_t gid;
apr_uid_current(&uid, &gid, msr->mp);
apr_uid_name_get(&username, uid, msr->mp);
rc = apr_uid_name_get(&userinfo, uid, msr->mp);
if (rc != APR_SUCCESS) {
userinfo = apr_psprintf(msr->mp, "%u", uid);
}

var_name = (msc_string *)apr_table_get(col, "__name");
if (var_name == NULL) {
Expand All @@ -409,7 +415,7 @@ int collection_store(modsec_rec *msr, apr_table_t *col) {
}

// ENH: lowercase the var name in the filename
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", var_name->value, NULL);
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", userinfo, "-", var_name->value, NULL);

if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "collection_store: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, var_name->value),
Expand Down Expand Up @@ -675,11 +681,14 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) {
/**
* This is required for mpm-itk & mod_ruid2, though should be harmless for other implementations
*/
char *username;
char *userinfo;
apr_uid_t uid;
apr_gid_t gid;
apr_uid_current(&uid, &gid, msr->mp);
apr_uid_name_get(&username, uid, msr->mp);
rc = apr_uid_name_get(&userinfo, uid, msr->mp);
if (rc != APR_SUCCESS) {
userinfo = apr_psprintf(msr->mp, "%u", uid);
}

if (msr->txcfg->data_dir == NULL) {
/* The user has been warned about this problem enough times already by now.
Expand All @@ -690,9 +699,9 @@ int collections_remove_stale(modsec_rec *msr, const char *col_name) {
}

if(strstr(col_name,"USER") || strstr(col_name,"SESSION") || strstr(col_name, "RESOURCE"))
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", msr->txcfg->webappid, "_", col_name, NULL);
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", userinfo, "-", msr->txcfg->webappid, "_", col_name, NULL);
else
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", username, "-", col_name, NULL);
dbm_filename = apr_pstrcat(msr->mp, msr->txcfg->data_dir, "/", userinfo, "-", col_name, NULL);

if (msr->txcfg->debuglog_level >= 9) {
msr_log(msr, 9, "collections_remove_stale: Retrieving collection (name \"%s\", filename \"%s\")",log_escape(msr->mp, col_name),
Expand Down