From 4893ecda29cc3018c78ea9866fad373732ff2916 Mon Sep 17 00:00:00 2001
From: Stefan Fritsch
Date: Fri, 13 Feb 2015 23:24:10 +0000
Subject: suexec: Filter out HTTP_PROXY

Some programs look there for the http proxy server.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1659711 13f79535-47bb-0310-9956-ffa450edef68
---
 support/suexec.c | 16 +++++++++++++++-
 1 file changed, 15 insertions(+), 1 deletion(-)
(limited to 'support')
diff --git a/support/suexec.c b/support/suexec.c
index 32e73202a4..7cb3957c57 100644
--- a/support/suexec.c
+++ b/support/suexec.c
@@ -91,8 +91,8 @@ static FILE *log = NULL;
 static const char *const safe_env_lst[] = {
 /* variable name starts with */
- "HTTP_",
 "SSL_",
+ /* "HTTP_" is handled specially in clean_env() */
 /* variable name is */
 "AUTH_TYPE=",
@@ -253,6 +253,20 @@ static void clean_env(void)
 cidx++;
 for (ep = envp; *ep && cidx < AP_ENVBUF-1; ep++) {
+ if (strncmp(*ep, "HTTP_", 5) == 0) {
+ if (strncmp(*ep + 5, "PROXY=", 6) == 0) {
+ /*
+ * HTTP_PROXY is treated as alias for http_proxy by some
+ * programs.
+ */
+ }
+ else {
+ /* Other HTTP_* are safe */
+ cleanenv[cidx] = *ep;
+ cidx++;
+ }
+ continue;
+ }
 for (idx = 0; safe_env_lst[idx]; idx++) {
 if (!strncmp(*ep, safe_env_lst[idx], strlen(safe_env_lst[idx]))) {
--
cgit v1.2.3
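Review bot: The `HTTP_PROXY=` branch added to clean_env() is an empty block holding only a comment, so the variable is dropped silently and the comment never says why it is unsafe. Under the CGI convention HTTP_* values are copied from request headers, so the value is presumably client-controlled; a comment such as `/* HTTP_PROXY is set from the client's Proxy: header and some programs treat it as http_proxy */` would make the reason for the filter auditable. Inverting the test to `if (strncmp(*ep + 5, "PROXY=", 6) != 0) { cleanenv[cidx++] = *ep; }` removes the empty branch, and the literals 5 and 6 would be safer as `sizeof("HTTP_") - 1` and `sizeof("PROXY=") - 1`. clean_env() starts and ends outside the hunk, so whether a dropped variable should also be logged depends on code not shown here.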