httpd-cvs mailing list archives

From n.@apache.org
Subject cvs commit: apache-1.3/src/support suexec.c
Date Sat, 22 Feb 2003 18:00:31 GMT
nd          2003/02/22 10:00:31

  Modified:    src      CHANGES
               src/support suexec.c
  Log:
  Be more pedantic when cleaning environment. Clean it
  immediately after startup.
  
  PR: 2790, 10449
  Submitted by: Jeff Stewart <jws@purdue.edu>
  
  Revision  Changes    Path
  1.1882    +4 -0      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1881
  retrieving revision 1.1882
  diff -u -r1.1881 -r1.1882
  --- CHANGES	22 Feb 2003 17:06:16 -0000	1.1881
  +++ CHANGES	22 Feb 2003 18:00:29 -0000	1.1882
  @@ -1,5 +1,9 @@
   Changes with Apache 1.3.28
   
  +  *) suexec: Be more pedantic when cleaning environment. Clean it
  +     immediately after startup. PR 2790, 10449.
  +     [Jeff Stewart <jws@purdue.edu>, André Malo]
  +
     *) Fix apxs to insert LoadModule/AddModule directives only outside of
        sections. PR 8712, 9012.  [André Malo]
   
  
  
  
  1.61      +67 -55    apache-1.3/src/support/suexec.c
  
  Index: suexec.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/support/suexec.c,v
  retrieving revision 1.60
  retrieving revision 1.61
  diff -u -r1.60 -r1.61
  --- suexec.c	22 Feb 2003 15:25:44 -0000	1.60
  +++ suexec.c	22 Feb 2003 18:00:31 -0000	1.61
  @@ -131,45 +131,49 @@
   
   char *safe_env_lst[] =
   {
  -    "AUTH_TYPE",
  -    "CONTENT_LENGTH",
  -    "CONTENT_TYPE",
  -    "DATE_GMT",
  -    "DATE_LOCAL",
  -    "DOCUMENT_NAME",
  -    "DOCUMENT_PATH_INFO",
  -    "DOCUMENT_ROOT",
  -    "DOCUMENT_URI",
  -    "FILEPATH_INFO",
  -    "GATEWAY_INTERFACE",
  -    "LAST_MODIFIED",
  -    "PATH_INFO",
  -    "PATH_TRANSLATED",
  -    "QUERY_STRING",
  -    "QUERY_STRING_UNESCAPED",
  -    "REMOTE_ADDR",
  -    "REMOTE_HOST",
  -    "REMOTE_IDENT",
  -    "REMOTE_PORT",
  -    "REMOTE_USER",
  -    "REDIRECT_QUERY_STRING",
  -    "REDIRECT_STATUS",
  -    "REDIRECT_URL",
  -    "REQUEST_METHOD",
  -    "REQUEST_URI",
  -    "SCRIPT_FILENAME",
  -    "SCRIPT_NAME",
  -    "SCRIPT_URI",
  -    "SCRIPT_URL",
  -    "SERVER_ADMIN",
  -    "SERVER_NAME",
  -    "SERVER_ADDR",
  -    "SERVER_PORT",
  -    "SERVER_PROTOCOL",
  -    "SERVER_SOFTWARE",
  -    "UNIQUE_ID",
  -    "USER_NAME",
  -    "TZ",
  +    /* variable name starts with */
  +    "HTTP_",
  +
  +    /* variable name is */
  +    "AUTH_TYPE=",
  +    "CONTENT_LENGTH=",
  +    "CONTENT_TYPE=",
  +    "DATE_GMT=",
  +    "DATE_LOCAL=",
  +    "DOCUMENT_NAME=",
  +    "DOCUMENT_PATH_INFO=",
  +    "DOCUMENT_ROOT=",
  +    "DOCUMENT_URI=",
  +    "FILEPATH_INFO=",
  +    "GATEWAY_INTERFACE=",
  +    "LAST_MODIFIED=",
  +    "PATH_INFO=",
  +    "PATH_TRANSLATED=",
  +    "QUERY_STRING=",
  +    "QUERY_STRING_UNESCAPED=",
  +    "REMOTE_ADDR=",
  +    "REMOTE_HOST=",
  +    "REMOTE_IDENT=",
  +    "REMOTE_PORT=",
  +    "REMOTE_USER=",
  +    "REDIRECT_QUERY_STRING=",
  +    "REDIRECT_STATUS=",
  +    "REDIRECT_URL=",
  +    "REQUEST_METHOD=",
  +    "REQUEST_URI=",
  +    "SCRIPT_FILENAME=",
  +    "SCRIPT_NAME=",
  +    "SCRIPT_URI=",
  +    "SCRIPT_URL=",
  +    "SERVER_ADMIN=",
  +    "SERVER_NAME=",
  +    "SERVER_ADDR=",
  +    "SERVER_PORT=",
  +    "SERVER_PROTOCOL=",
  +    "SERVER_SOFTWARE=",
  +    "UNIQUE_ID=",
  +    "USER_NAME=",
  +    "TZ=",
       NULL
   };
   
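Review bot: In the new `safe_env_lst`, whether an entry matches an exact name or a prefix is decided only by its trailing `=`, and nothing in the table enforces that. An entry added later without the `=` would silently become a prefix match again (for example `"TZ"` would also admit `TZDIR=...`), which is the looseness this change removes. I would extend the second comment to something like `/* variable name is (the trailing '=' makes the match exact; never omit it) */`. The `"HTTP_"` prefix entry still passes every request-header-derived variable through, so it is worth stating next to it that all `HTTP_*` names and values are client-controlled.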
  @@ -222,6 +226,16 @@
       int cidx = 0;
       int idx;
   
  +    /* While cleaning the environment, the environment should be clean.
  +     * (e.g. malloc() may get the name of a file for writing debugging info.
  +     * Bad news if MALLOC_DEBUG_FILE is set to /etc/passwd.  Sprintf() may be
  +     * susceptible to bad locale settings....)
  +     * (from PR 2790)
  +     */
  +    char **envp = environ;
  +    char *empty_ptr = NULL;
  +
  +    environ = &empty_ptr; /* VERY safe environment */
   
       if ((cleanenv = (char **) calloc(AP_ENVBUF, sizeof(char *))) == NULL) {
           log_err("emerg: failed to malloc memory for environment\n");
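Review bot: `environ` is pointed at `empty_ptr`, an automatic variable of this function, so the pointer is valid only while this frame is live. The rest of the function lies outside the hunk; if every exit path either terminates the process or reassigns `environ` before returning, this is safe, but that invariant is not written down. Declaring it as `static char *empty_ptr = NULL;` removes the dependency. Otherwise the comment on the assignment should say that `environ` must be re-pointed before the function returns.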
  @@ -232,21 +246,15 @@
       cleanenv[cidx] = strdup(pathbuf);
       cidx++;
   
  -    for (ep = environ; *ep && cidx < AP_ENVBUF-1; ep++) {
  -	if (!strncmp(*ep, "HTTP_", 5)) {
  -	    cleanenv[cidx] = *ep;
  -	    cidx++;
  -	}
  -	else {
  -	    for (idx = 0; safe_env_lst[idx]; idx++) {
  -		if (!strncmp(*ep, safe_env_lst[idx],
  -			     strlen(safe_env_lst[idx]))) {
  -		    cleanenv[cidx] = *ep;
  -		    cidx++;
  -		    break;
  -		}
  -	    }
  -	}
  +    for (ep = envp; *ep && cidx < AP_ENVBUF-1; ep++) {
  +        for (idx = 0; safe_env_lst[idx]; idx++) {
  +            if (!strncmp(*ep, safe_env_lst[idx],
  +                         strlen(safe_env_lst[idx]))) {
  +		cleanenv[cidx] = *ep;
  +		cidx++;
  +                break;
  +            }
  +        }
       }
   
       cleanenv[cidx] = NULL;
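Review bot: The copy loop stops as soon as `cidx` reaches `AP_ENVBUF-1`, and any permitted variables that come later in `envp` are dropped without a trace. The CGI then runs with, say, no `REMOTE_USER=`, and nothing in the suexec log explains why. Consider a diagnostic after the loop such as `if (*ep) log_err("warn: environment table full, remaining variables ignored\n");`; it would also fire when the remaining entries would have been rejected anyway, which seems acceptable for a log line. Separately, the new lines `cleanenv[cidx] = *ep;` and `cidx++;` are tab-indented while the other added lines use spaces. The function body starts and ends outside this hunk.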
  @@ -273,6 +281,11 @@
       struct stat dir_info;	/* directory info holder     */
       struct stat prg_info;	/* program info holder       */
   
  +    /*
  +     * Start with a "clean" environment
  +     */
  +    clean_env();
  +
       prog = argv[0];
       /*
        * Check existence/validity of the UID of the user
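Review bot: The comment above the new `clean_env();` call says what it does but not why it has to be the first statement, so a later edit could insert code ahead of it without noticing the regression. I would word it as `/* Must stay first: every library call below (user lookup, logging) would otherwise run with the caller-supplied environment. */`. The body of the enclosing function starts and continues outside the hunk, so I cannot confirm from here that nothing else runs before this point.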
  @@ -595,7 +608,6 @@
       }
       umask(SUEXEC_UMASK);
   #endif /* SUEXEC_UMASK */
  -    clean_env();
   
       /* 
        * Be sure to close the log file so the CGI can't
  
  
  
