From 499c6c5268731d45b38e817ab62ac3a7af935c70 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Henrik=20Grubbstr=C3=B6m=20=28Grubba=29?=
 <grubba@grubba.org>
Date: Fri, 3 Apr 1998 22:56:00 +0200
Subject: [PATCH] Fixed security hole.

Rev: src/modules/Pipe/pipe.c:1.16
---
 src/modules/Pipe/pipe.c | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

diff --git a/src/modules/Pipe/pipe.c b/src/modules/Pipe/pipe.c
index ed7ffad68f..68ce9d9e8c 100644
--- a/src/modules/Pipe/pipe.c
+++ b/src/modules/Pipe/pipe.c
@@ -22,7 +22,7 @@
 #include <fcntl.h>
 
 #include "global.h"
-RCSID("$Id: pipe.c,v 1.15 1998/04/03 20:23:00 grubba Exp $");
+RCSID("$Id: pipe.c,v 1.16 1998/04/03 20:56:00 grubba Exp $");
 
 #include "threads.h"
 #include "stralloc.h"
@@ -358,12 +358,16 @@ static INLINE void input_finish(void)
       push_int(1);    /* We don't care if we don't get all 8192 bytes. */
       apply(i->u.obj, "read", 2);
       if (sp[-1].type == T_STRING) {
+	write(2, "PIPE:input_finish(): Read:\"", 27);
+	write(2, sp[-1].u.string->str, sp[-1].u.string->len);	/***********/
+	write(2, "\"\n", 2);
 	append_buffer(sp[-1].u.string);
 	pop_stack();
 	THIS->sleeping = 1;
 	return;
       } else {
 	/* FIXME: Should we check the return value here? */
+	write(2, "PIPE:input_finish(): EOF!\n", 26);		/***********/
 	pop_stack();
 	/* EOF */
 	continue;
@@ -448,10 +452,15 @@ static INLINE struct pike_string* gimme_some_data(unsigned long pos)
 	  push_int(1);  /* We don't care if we don't get all 8192 bytes. */
 	  apply(this->firstinput->u.obj, "read", 2);
 	  if (sp[-1].type == T_STRING) {
+	    write(2, "PIPE:gimme_more_data(): Read:\"", 30);
+	    write(2, sp[-1].u.string->str, sp[-1].u.string->len);	/***********/
+	    write(2, "\"\n", 2);
 	    append_buffer(sp[-1].u.string);
 	  } else {
 	    /* FIXME: Should probably check the return value. */
 	    /* EOF */
+	    write(2, "PIPE:gimme_more_data(): EOF!\n", 29);		/***********/
+	    this->sleeping = 0;
 	    input_finish();
 	  }
 	  pop_stack();
@@ -684,7 +693,7 @@ static void pipe_input(INT32 args)
 #ifdef HAVE_GETEUID
 	 if(ou) {
 #ifdef HAVE_SETEUID
-	   seteuid(0);
+	   seteuid(ou);
 #else /* ! HAVE_SETEUID */
 #ifdef HAVE_SETREUID
 	   setresuid(-1, ou, -1);
-- 
GitLab