From 355696b80f1787d2fe3768a5b29853288b92e3fa Mon Sep 17 00:00:00 2001 From: Stefan Esser Date: Thu, 15 May 2014 14:08:37 +0200 Subject: Better tracking of non existing/non executable logging scripts --- log.c | 28 +++++++++++++++++++++++++--- 1 file changed, 25 insertions(+), 3 deletions(-) diff --git a/log.c b/log.c index b1b373a..3edc119 100644 --- a/log.c +++ b/log.c @@ -296,13 +296,24 @@ log_sapi: char cmd[8192], *cmdpos, *bufpos; FILE *in; int space; + struct stat st; char *sname = SUHOSIN_G(log_scriptname); while (isspace(*sname)) ++sname; if (*sname == 0) goto log_phpscript; - ap_php_snprintf(cmd, sizeof(cmd), "%s %s \'", sname, loglevel2string(loglevel)); - space = sizeof(cmd) - strlen(cmd); + if (VCWD_STAT(sname, &st) < 0) { + suhosin_log(S_INTERNAL, "unable to find logging shell script %s - file dropped", sname); + goto log_phpscript; + } + if (access(sname, X_OK|R_OK) < 0) { + suhosin_log(S_INTERNAL, "logging shell script %s is not executable - file dropped", sname); + goto log_phpscript; + } + + /* TODO: clean up this code to calculate size of output dynamically */ + ap_php_snprintf(cmd, sizeof(cmd) - 20, "%s %s \'", sname, loglevel2string(loglevel)); + space = sizeof(cmd) - strlen(cmd) - 20; cmdpos = cmd + strlen(cmd); bufpos = buf; if (space <= 1) return; @@ -321,11 +332,16 @@ log_sapi: } } *cmdpos++ = '\''; + *cmdpos++ = ' '; + *cmdpos++ = '2'; + *cmdpos++ = '>'; + *cmdpos++ = '&'; + *cmdpos++ = '1'; *cmdpos = 0; if ((in=VCWD_POPEN(cmd, "r"))==NULL) { suhosin_log(S_INTERNAL, "Unable to execute logging shell script: %s", sname); - return; + goto log_phpscript; } /* read and forget the result */ while (1) { @@ -333,6 +349,12 @@ log_sapi: if (readbytes<=0) { break; } + if (strncmp(cmd, "sh: ", 4) == 0) { + /* assume this is an error */ + suhosin_log(S_INTERNAL, "Error while executing logging shell script: %s", sname); + pclose(in); + goto log_phpscript; + } } pclose(in); } -- cgit v1.3