Bug 65438 - mod_privileges.c / vhost_group not checking cfg->gid as intended
Summary: mod_privileges.c / vhost_group not checking cfg->gid as intended
Status: NEW
Alias: None
Product: Apache httpd-2
Classification: Unclassified
Component: mod_privileges (show other bugs)
Version: 2.4.48
Hardware: All Mac OS X 10.1
: P2 normal (vote)
Target Milestone: ---
Assignee: Apache HTTPD Bugs Mailing List
URL:
Keywords:
Depends on:
Blocks:
 
Reported: 2021-07-06 22:32 UTC by steve algernon
Modified: 2021-07-06 22:32 UTC (History)
0 users



Attachments

Note You need to log in before you can comment on or make changes to this bug.
Description steve algernon 2021-07-06 22:32:52 UTC
This is terribly trivial, but the check should be against the newly assigned cfg->gid rather than cfg->uid.

*** ./modules/arch/unix/mod_privileges.c.orig	2021-07-06 15:30:54.000000000 -0700
--- ./modules/arch/unix/mod_privileges.c	2021-07-06 15:31:05.000000000 -0700
***************
*** 432,438 ****
      priv_cfg *cfg = ap_get_module_config(cmd->server->module_config,
                                           &privileges_module);
      cfg->gid = ap_gname2id(arg);
!     if (cfg->uid == 0) {
          return apr_pstrcat(cmd->pool, "Invalid groupid for VHostGroup: ",
                             arg, NULL);
      }
--- 432,438 ----
      priv_cfg *cfg = ap_get_module_config(cmd->server->module_config,
                                           &privileges_module);
      cfg->gid = ap_gname2id(arg);
!     if (cfg->gid == 0) {
          return apr_pstrcat(cmd->pool, "Invalid groupid for VHostGroup: ",
                             arg, NULL);
      }