author | Stefan Fritsch <sf@apache.org> | 2015-02-14 00:24:10 +0100 |
---|---|---|
committer | Stefan Fritsch <sf@apache.org> | 2015-02-14 00:24:10 +0100 |
commit | 4893ecda29cc3018c78ea9866fad373732ff2916 (patch) | |
tree | 776bacdaa676c0bf0bdeacfdbb1fa4028dc31b2b /support | |
parent | mod_proxy_http: Use the "Connection: close" header for requests to (diff) | |
suexec: Filter out HTTP_PROXY
Some programs look there for the http proxy server.
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1659711 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'support')
-rw-r--r-- | support/suexec.c | 16 |
1 files changed, 15 insertions, 1 deletions
diff --git a/support/suexec.c b/support/suexec.c index 32e73202a4..7cb3957c57 100644 --- a/support/suexec.c +++ b/support/suexec.c @@ -91,8 +91,8 @@ static FILE *log = NULL; static const char *const safe_env_lst[] = { /* variable name starts with */ - "HTTP_", "SSL_", + /* "HTTP_" is handled specially in clean_env() */ /* variable name is */ "AUTH_TYPE=", @@ -253,6 +253,20 @@ static void clean_env(void) cidx++; for (ep = envp; *ep && cidx < AP_ENVBUF-1; ep++) { + if (strncmp(*ep, "HTTP_", 5) == 0) { + if (strncmp(*ep + 5, "PROXY=", 6) == 0) { + /* + * HTTP_PROXY is treated as alias for http_proxy by some + * programs. + */ + } + else { + /* Other HTTP_* are safe */ + cleanenv[cidx] = *ep; + cidx++; + } + continue; + } for (idx = 0; safe_env_lst[idx]; idx++) { if (!strncmp(*ep, safe_env_lst[idx], strlen(safe_env_lst[idx]))) { |
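Review bot: In the second hunk, the HTTP_PROXY branch added to clean_env() is an empty `if` body that holds only a comment, and the comment does not say why the alias is a problem: in a CGI environment the HTTP_* variables are built from request headers, so the value is chosen by the client. Inverting the test reads more directly, `if (strncmp(*ep + 5, "PROXY=", 6) != 0) { cleanenv[cidx++] = *ep; }` followed by the existing `continue;`, with a comment such as `/* HTTP_PROXY is client-supplied and some programs read it as http_proxy; never pass it on */`. The variable is dropped silently; if the log helper visible at the top of the file is usable at this point, a log line would help operators see when a request carried it. The filter covers only programs started through suexec, so CGI launched by other paths presumably still receives the variable and may need the same treatment elsewhere. clean_env() starts and ends outside the hunk.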