aboutsummaryrefslogtreecommitdiffstats
path: root/main/lighttpd/CVE-2013-4559.patch
diff options
context:
space:
mode:
Diffstat (limited to 'main/lighttpd/CVE-2013-4559.patch')
-rw-r--r--main/lighttpd/CVE-2013-4559.patch33
1 files changed, 33 insertions, 0 deletions
diff --git a/main/lighttpd/CVE-2013-4559.patch b/main/lighttpd/CVE-2013-4559.patch
new file mode 100644
index 0000000000..e277f2a71d
--- /dev/null
+++ b/main/lighttpd/CVE-2013-4559.patch
@@ -0,0 +1,33 @@
+Index: lighttpd-1.4.x/src/server.c
+===================================================================
+--- lighttpd-1.4.x/src/server.c (revision 2922)
++++ lighttpd-1.4.x/src/server.c (revision 2923)
+@@ -820,8 +820,14 @@
+ * to /etc/group
+ * */
+ if (NULL != grp) {
+- setgid(grp->gr_gid);
+- setgroups(0, NULL);
++ if (-1 == setgid(grp->gr_gid)) {
++ log_error_write(srv, __FILE__, __LINE__, "ss", "setgid failed: ", strerror(errno));
++ return -1;
++ }
++ if (-1 == setgroups(0, NULL)) {
++ log_error_write(srv, __FILE__, __LINE__, "ss", "setgroups failed: ", strerror(errno));
++ return -1;
++ }
+ if (srv->srvconf.username->used) {
+ initgroups(srv->srvconf.username->ptr, grp->gr_gid);
+ }
+@@ -844,7 +850,10 @@
+ #ifdef HAVE_PWD_H
+ /* drop root privs */
+ if (NULL != pwd) {
+- setuid(pwd->pw_uid);
++ if (-1 == setuid(pwd->pw_uid)) {
++ log_error_write(srv, __FILE__, __LINE__, "ss", "setuid failed: ", strerror(errno));
++ return -1;
++ }
+ }
+ #endif
+ #if defined(HAVE_SYS_PRCTL_H) && defined(PR_SET_DUMPABLE)
generated by cgit v1.2.3 (git 2.25.1) at 2025-09-13 01:45:00 +0000