
FPSE 2002 & FC4



Hello
While trying to install Frontpage server ext 2002 on FC4, and searching for people having the same problems, I found this:

"a bug in the fpcgid.c file. This bug keeps frontpage from executing properly if compiled with GCC 4 because it has error checking for buffer overflows. The problem is that the char szBuf variable which is defined to have a length of 10 is overflowed when the string "placeholder" is written to it. Increasing the size to 12 before compiling mod_frontpage seems to fix this problem... and all seems to be working well... that is unless I want to use the suexecusergroup directive :( . Which causes yet another error because frontpage tries to run as root rather than apache"

-------------

Without changing the szBuf variable you will get this buffer overflow:

*** buffer overflow detected ***: /usr/sbin/httpd terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x289565]
/lib/libc.so.6(__vsprintf_chk+0x0)[0x288e30]
/lib/libc.so.6(_IO_default_xsputn+0x97)[0x20bb58]
/lib/libc.so.6(_IO_vfprintf+0x17a)[0x1e5edc]
/lib/libc.so.6(__vsprintf_chk+0xa1)[0x288ed1]
/lib/libc.so.6(__sprintf_chk+0x30)[0x288e24]
/usr/lib/httpd/modules/mod_frontpage.so(fpcgid_handler+0x1ad)[0xac2d16]
/usr/sbin/httpd(ap_run_handler+0x41)[0x468f3c]
/usr/sbin/httpd(ap_invoke_handler+0x5d)[0x4692d7]
/usr/sbin/httpd(ap_process_request+0x172)[0x465e11]
/usr/sbin/httpd[0x460693]
/usr/sbin/httpd(ap_run_process_connection+0x41)[0x473afb]
/usr/sbin/httpd(ap_process_connection+0x51)[0x473e30]
/usr/sbin/httpd[0x466d9e]
/usr/sbin/httpd[0x46705a]
/usr/sbin/httpd[0x46712a]
/usr/sbin/httpd(ap_mpm_run+0x9d0)[0x467b0b]
/usr/sbin/httpd(main+0x5cb)[0x46e88e]
/lib/libc.so.6(__libc_start_main+0xc6)[0x1bfde6]
/usr/sbin/httpd[0x460151]
======= Memory map: ========
[Wed Jun 29 10:49:03 2005] [notice] child pid 28772 exit signal Aborted (6)

Once the szBuf variable is changed to 12, frontpage works,
but for any cgi accessed you get the following error:

[2005-06-29 11:54:39]: user mismatch (root instead of apache)
[2005-06-29 11:54:39]: user mismatch (root instead of apache)
[2005-06-29 12:09:52]: user mismatch (root instead of apache)

------------

Everything works perfectly on FC3, as long as frontpage_module is loaded before suexec_module.

If anyone has found a patch or a workaround, I'd appreciate hearing about it.
Thx
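
The overflow described in this message, as an added example that is not part of the original post and is not code from mod_frontpage: it shows why a 10-byte buffer cannot hold "placeholder" and how bounded formatting reports the problem instead of aborting. The shape of the sprintf call in fpcgid.c is an assumption (the file is not shown in the post), and format_checked and bytes_needed are hypothetical helper names.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Assumed shape of the failing code (fpcgid.c itself is not shown in the post):
 *     char szBuf[10];
 *     sprintf(szBuf, "%s", "placeholder");    11 chars + NUL = 12 bytes
 * Built with _FORTIFY_SOURCE, glibc routes this call through __sprintf_chk,
 * which knows sizeof(szBuf) and calls __chk_fail, aborting httpd as in the
 * backtrace above. */

/* Hypothetical helper: bounded formatting that reports truncation.
 * Returns bytes written (excluding the NUL), or -1 if the output did not fit. */
static int format_checked(char *dst, size_t cap, const char *fmt, ...)
{
    va_list ap;
    int n;

    if (cap == 0)
        return -1;
    va_start(ap, fmt);
    n = vsnprintf(dst, cap, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= cap) {
        dst[0] = '\0';          /* never leave a silently truncated value */
        return -1;
    }
    return n;
}

/* Hypothetical helper: bytes a buffer needs for the string, including the NUL. */
static size_t bytes_needed(const char *s)
{
    return (size_t)snprintf(NULL, 0, "%s", s) + 1;
}

int main(void)
{
    char small[10], fixed[12];

    printf("needed: %zu\n", bytes_needed("placeholder"));
    printf("cap 10: %d\n", format_checked(small, sizeof small, "%s", "placeholder"));
    printf("cap 12: %d (%s)\n",
           format_checked(fixed, sizeof fixed, "%s", "placeholder"), fixed);
    return 0;
}
```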

