--- suexec.c.orig Mon Jun 21 19:51:41 1999 +++ suexec.c Tue Jan 11 10:40:23 2000 @@ -248,12 +248,15 @@ char *actual_gname; /* actual group name */ char *prog; /* name of this program */ char *cmd; /* command to be executed */ + char *ncmd[MAX_ARGS + 1]; /* command to be executed */ char cwd[AP_MAXPATH]; /* current working directory */ char dwd[AP_MAXPATH]; /* docroot working directory */ struct passwd *pw; /* password entry holder */ struct group *gr; /* group entry holder */ struct stat dir_info; /* directory info holder */ struct stat prg_info; /* program info holder */ + char *myarg, *p; /* used to build ncmd */ + int i, j; /* used to build ncmd */ /* * If there are a proper number of arguments, set @@ -266,7 +269,22 @@ } target_uname = argv[1]; target_gname = argv[2]; - cmd = argv[3]; + myarg = strdup(argv[3]); + if (! myarg) { + log_err("out of memory!\n"); + exit(103); + } + cmd = myarg; + ncmd[0] = cmd; + i = 1; + p = cmd; + while ((i < MAX_ARGS) && ((p = strchr (p, ' ')) != NULL)) { + *p++ = '\0'; + ncmd[i++] = p; + } + for (j = 4; (i < MAX_ARGS) && (argv[j] != NULL); i++, j++) + ncmd[i] = argv[j]; + ncmd[i] = NULL; /* * Check existence/validity of the UID of the user @@ -547,10 +565,10 @@ { extern char **environ; - ap_execve(cmd, &argv[3], environ); + ap_execve(cmd, ncmd, environ); } #else /*NEED_HASHBANG_EMUL*/ - execv(cmd, &argv[3]); + execv(cmd, ncmd); #endif /*NEED_HASHBANG_EMUL*/ /* --- suexec.h.orig Fri Jan 1 13:05:35 1999 +++ suexec.h Tue Jan 11 10:29:59 2000 @@ -90,6 +90,13 @@ #endif /* + * MAX_ARGS -- Maximum number of command line args. + */ +#ifndef MAX_ARGS +#define MAX_ARGS 100 +#endif + +/* * USERDIR_SUFFIX -- Define to be the subdirectory under users' * home directories where suEXEC access should * be allowed. All executables under this directory