FPSE 2002 & FC4

Fedora Mailing List fedora at ows.ch
Wed Jun 29 11:36:46 UTC 2005


Hello,
While trying to install Frontpage server ext 2002 on FC4, and searching 
for people having the same problems, I found this:
"

a bug in the fpcgid.c file. This bug keeps frontpage from executing 
properly if compiled with GCC 4 because it has error checking for buffer 
overflows. The problem is that the char szBuf variable which is defined 
to have a length of 10 is overflowed when the string "placeholder" is 
written to it. Increasing the size to 12 before compiling mod_frontpage 
seems to fix this problem... and all seems to be working well... that is 
unless I want to use the suexecusergroup directive :(. Which causes 
yet another error because frontpage tries to run as root rather than 
apache"

-------------

Without changing the szBuf variable, you will get this buffer overflow:

*** buffer overflow detected ***: /usr/sbin/httpd terminated
======= Backtrace: =========
/lib/libc.so.6(__chk_fail+0x41)[0x289565]
/lib/libc.so.6(__vsprintf_chk+0x0)[0x288e30]
/lib/libc.so.6(_IO_default_xsputn+0x97)[0x20bb58]
/lib/libc.so.6(_IO_vfprintf+0x17a)[0x1e5edc]
/lib/libc.so.6(__vsprintf_chk+0xa1)[0x288ed1]
/lib/libc.so.6(__sprintf_chk+0x30)[0x288e24]
/usr/lib/httpd/modules/mod_frontpage.so(fpcgid_handler+0x1ad)[0xac2d16]
/usr/sbin/httpd(ap_run_handler+0x41)[0x468f3c]
/usr/sbin/httpd(ap_invoke_handler+0x5d)[0x4692d7]
/usr/sbin/httpd(ap_process_request+0x172)[0x465e11]
/usr/sbin/httpd[0x460693]
/usr/sbin/httpd(ap_run_process_connection+0x41)[0x473afb]
/usr/sbin/httpd(ap_process_connection+0x51)[0x473e30]
/usr/sbin/httpd[0x466d9e]
/usr/sbin/httpd[0x46705a]
/usr/sbin/httpd[0x46712a]
/usr/sbin/httpd(ap_mpm_run+0x9d0)[0x467b0b]
/usr/sbin/httpd(main+0x5cb)[0x46e88e]
/lib/libc.so.6(__libc_start_main+0xc6)[0x1bfde6]
/usr/sbin/httpd[0x460151]
======= Memory map: ========
[Wed Jun 29 10:49:03 2005] [notice] child pid 28772 exit signal Aborted (6)

Once the szBuf variable is changed to 12, frontpage works,
but for any CGI accessed you get the following error:

[2005-06-29 11:54:39]: user mismatch (root instead of apache)
[2005-06-29 11:54:39]: user mismatch (root instead of apache)
[2005-06-29 12:09:52]: user mismatch (root instead of apache)

------------

Everything works perfectly on FC3, as long as frontpage_module is loaded 
before suexec_module.

If anyone has found a patch or a workaround, I'd appreciate hearing about it.
Thx
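
An added illustration, not part of the original post and not code from mod_frontpage: the backtrace above ends in glibc's fortified `__sprintf_chk`, which aborts when a write exceeds the destination's known size. The sketch below shows why "placeholder" needs 12 bytes and how a bounded write reports the shortfall instead of overflowing; the function names `bytes_needed`, `format_checked` and `fits_in` are hypothetical.

```c
#include <stdarg.h>
#include <stdio.h>
#include <string.h>

/* Bytes required for the formatted result, including the trailing NUL.
 * Returns 0 on a formatting error. */
static size_t bytes_needed(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    int n = vsnprintf(NULL, 0, fmt, ap);   /* C99: measure only, write nothing */
    va_end(ap);
    return n < 0 ? 0 : (size_t)n + 1;
}

/* Bounded stand-in for sprintf(dst, fmt, ...).
 * Returns 0 on success, -1 if the result would not fit in dstsz bytes. */
static int format_checked(char *dst, size_t dstsz, const char *fmt, ...)
{
    va_list ap;
    if (dstsz == 0)
        return -1;
    va_start(ap, fmt);
    int n = vsnprintf(dst, dstsz, fmt, ap);
    va_end(ap);
    if (n < 0 || (size_t)n >= dstsz) {
        dst[0] = '\0';                     /* never hand back a truncated value */
        return -1;
    }
    return 0;
}

/* Try to store "placeholder" in a buffer limited to cap bytes (cap <= 64). */
static int fits_in(size_t cap)
{
    char buf[64];
    if (cap > sizeof buf)
        return -1;
    return format_checked(buf, cap, "%s", "placeholder");
}

int main(void)
{
    printf("bytes needed: %zu\n", bytes_needed("%s", "placeholder"));
    printf("capacity 10: %s\n", fits_in(10) == 0 ? "fits" : "too small");
    printf("capacity 12: %s\n", fits_in(12) == 0 ? "fits" : "too small");
    return 0;
}
```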



