httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Joshua Slive" <jos...@slive.ca>
Subject [PATCH] SSL_* in suexec safe env list
Date Sat, 02 Feb 2002 22:49:33 GMT
I think this is the "right thing", but I won't commit it myself without a
couple "+1"s, because I don't trust myself mucking with suexec.  Someone
suggested making this conditional on mod_ssl being included in the build,
but I don't see the point.  There doesn't seem to be any danger in allowing
SSL_ to pass in all cases.

Index: suexec.c
===================================================================
RCS file: /home/cvs/httpd-2.0/support/suexec.c,v
retrieving revision 1.17
diff -u -d -b -r1.17 suexec.c
--- suexec.c    22 Nov 2001 07:42:13 -0000      1.17
+++ suexec.c    2 Feb 2002 22:40:14 -0000
@@ -227,7 +227,7 @@
     cidx++;

     for (ep = environ; *ep && cidx < AP_ENVBUF-1; ep++) {
-        if (!strncmp(*ep, "HTTP_", 5)) {
+        if (!strncmp(*ep, "HTTP_", 5) || !strncmp(*ep, "SSL_", 4)) {
             cleanenv[cidx] = *ep;
             cidx++;
         }


Mime
View raw message