Posted to cvs@httpd.apache.org by sf...@apache.org on 2015/02/14 00:24:10 UTC
svn commit: r1659711 - in /httpd/httpd/trunk: CHANGES support/suexec.c
Author: sf
Date: Fri Feb 13 23:24:10 2015
New Revision: 1659711
URL: http://svn.apache.org/r1659711
Log:
suexec: Filter out HTTP_PROXY
Some programs look there for the http proxy server.
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/support/suexec.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=1659711&r1=1659710&r2=1659711&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Fri Feb 13 23:24:10 2015
@@ -6,6 +6,9 @@ Changes with Apache 2.5.0
calls r:wsupgrade() can cause a child process crash.
[Edward Lu <Chaosed0 gmail.com>]
+ *) suexec: Filter out the HTTP_PROXY environment variable because it is
+ treated as alias for http_proxy by some programs. [Stefan Fritsch]
+
*) mod_proxy_http: Use the "Connection: close" header for requests to
backends not recycling connections (disablereuse), including the default
reverse and forward proxies. [Yann Ylavic]
Modified: httpd/httpd/trunk/support/suexec.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/support/suexec.c?rev=1659711&r1=1659710&r2=1659711&view=diff
==============================================================================
--- httpd/httpd/trunk/support/suexec.c (original)
+++ httpd/httpd/trunk/support/suexec.c Fri Feb 13 23:24:10 2015
@@ -91,8 +91,8 @@ static FILE *log = NULL;
static const char *const safe_env_lst[] =
{
/* variable name starts with */
- "HTTP_",
"SSL_",
+ /* "HTTP_" is handled specially in clean_env() */
/* variable name is */
"AUTH_TYPE=",
@@ -253,6 +253,20 @@ static void clean_env(void)
cidx++;
for (ep = envp; *ep && cidx < AP_ENVBUF-1; ep++) {
+ if (strncmp(*ep, "HTTP_", 5) == 0) {
+ if (strncmp(*ep + 5, "PROXY=", 6) == 0) {
+ /*
+ * HTTP_PROXY is treated as alias for http_proxy by some
+ * programs.
+ */
+ }
+ else {
+ /* Other HTTP_* are safe */
+ cleanenv[cidx] = *ep;
+ cidx++;
+ }
+ continue;
+ }
for (idx = 0; safe_env_lst[idx]; idx++) {
if (!strncmp(*ep, safe_env_lst[idx],
strlen(safe_env_lst[idx]))) {
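Review bot: The comment `/* Other HTTP_* are safe */` in the else branch claims more than the code guarantees, because under CGI the HTTP_* variables carry request header fields, so they are passed through for compatibility while their values remain client-supplied. I would word it as `/* Other HTTP_* are passed through; their values are client-supplied and untrusted */`. As a point of style, the `if` body that holds only a comment reads like a forgotten statement; inverting the test, `if (strncmp(*ep + 5, "PROXY=", 6) != 0) { cleanenv[cidx++] = *ep; }`, with the HTTP_PROXY comment placed above it, expresses the same filter without the empty branch. The filter covers only programs started through suexec, so any other path that builds a CGI environment presumably needs the same treatment and is worth checking separately. clean_env() begins and ends outside this hunk.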