httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From "Zvi Har'El" ...@math.technion.ac.il>
Subject Re: [PATCH] SSL_* in suexec safe env list
Date Sun, 03 Feb 2002 17:23:05 GMT
Hi,

I agree with Joshua completely that the conditioning on mod_ssl is not
necessary. However, comparing with the apache 1.3 version of suexec.c, and the
fact that in 2.0 ssl_engine_kernel.c (line 1035) still sets the SSI/CGI
environment variable HTTPS=on , I would recommand to have a triple rather then
double strncmp:

-        if (!strncmp(*ep, "HTTP_", 5)) {
+        if (!strncmp(*ep, "HTTP_", 5) || !strncmp(*ep, "HTTPS", 5) ||
+			!strncmp(*ep, "SSL_", 4)) {


On Sat, 2 Feb 2002, Joshua Slive wrote:

> I think this is the "right thing", but I won't commit it myself without a
> couple "+1"s, because I don't trust myself mucking with suexec.  Someone
> suggested making this conditional on mod_ssl being included in the build,
> but I don't see the point.  There doesn't seem to be any danger in allowing
> SSL_ to pass in all cases.
>
> Index: suexec.c
> ===================================================================
> RCS file: /home/cvs/httpd-2.0/support/suexec.c,v
> retrieving revision 1.17
> diff -u -d -b -r1.17 suexec.c
> --- suexec.c    22 Nov 2001 07:42:13 -0000      1.17
> +++ suexec.c    2 Feb 2002 22:40:14 -0000
> @@ -227,7 +227,7 @@
>      cidx++;
>
>      for (ep = environ; *ep && cidx < AP_ENVBUF-1; ep++) {
> -        if (!strncmp(*ep, "HTTP_", 5)) {
> +        if (!strncmp(*ep, "HTTP_", 5) || !strncmp(*ep, "SSL_", 4)) {
>              cleanenv[cidx] = *ep;
>              cidx++;
>          }
>

-- 
Dr. Zvi Har'El     mailto:rl@math.technion.ac.il     Department of Mathematics
tel:+972-54-227607                   Technion - Israel Institute of Technology
fax:+972-4-8324654 http://www.math.technion.ac.il/~rl/     Haifa 32000, ISRAEL
"If you can't say somethin' nice, don't say nothin' at all." -- Thumper (1942)
                             Sunday, 22 Shevat 5762,  3 February 2002,  7:13PM


Mime
View raw message