You are viewing a plain text version of this content. The canonical link for it is here.

Posted to bugs@httpd.apache.org by bu...@apache.org on 2016/10/13 12:33:11 UTC

[Bug 60249] New: SetEnv, PassEnv, etc accept '=' in variable names

https://bz.apache.org/bugzilla/show_bug.cgi?id=60249

            Bug ID: 60249
           Summary: SetEnv, PassEnv, etc accept '=' in variable names
           Product: Apache httpd-2
           Version: 2.5-HEAD
          Hardware: PC
                OS: Mac OS X 10.4
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_env
          Assignee: bugs@httpd.apache.org
          Reporter: pobocks@gmail.com

In various functions, a config such as:

SetEnv MY_ENV_VAR=blah

can be passed to mod_env, which is silently accepted as the single-argument
form of the directive.

We've had multiple incidents where I work of people providing config of this
form; generally due to copying them from shell env var statements or mistakenly
using shell-style env assignment out of habit.  Since '=' is invalid in Env var
names across platforms and in relevant RFCs, it seems like this should signal
an error (apologies if it does already, but I haven't been able to find where
it does/would) 

I've had trouble finding what proper error-handling is in Apache files, so I
don't want to suggest any particular behavior, but whatever error handling
generally is in such places should be applied in cases where this happens.

-- 
You are receiving this mail because:
You are the assignee for the bug.

---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 60249] SetEnv, PassEnv, etc accept '=' in variable names

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60249

Eric Covener <co...@gmail.com> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
             Status|NEW                         |RESOLVED
         Resolution|---                         |FIXED

--- Comment #2 from Eric Covener <co...@gmail.com> ---
Produces warnings in 2.4.26

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org

[Bug 60249] SetEnv, PassEnv, etc accept '=' in variable names

Posted by bu...@apache.org.

https://bz.apache.org/bugzilla/show_bug.cgi?id=60249

Christophe JAILLET <ch...@wanadoo.fr> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |FixedInTrunk

--- Comment #1 from Christophe JAILLET <ch...@wanadoo.fr> ---
Fixed in trunk in r1795635.

I have added a warning when the configuration file is parsed.

-- 
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: bugs-unsubscribe@httpd.apache.org
For additional commands, e-mail: bugs-help@httpd.apache.org