calls r:wsupgrade() can cause a child process crash.
[Edward Lu <Chaosed0 gmail.com>]
+ *) suexec: Filter out the HTTP_PROXY environment variable because it is
+ treated as alias for http_proxy by some programs. [Stefan Fritsch]
+
*) mod_proxy_http: Use the "Connection: close" header for requests to
backends not recycling connections (disablereuse), including the default
reverse and forward proxies. [Yann Ylavic]
static const char *const safe_env_lst[] =
{
/* variable name starts with */
- "HTTP_",
"SSL_",
+ /* "HTTP_" is handled specially in clean_env() */
/* variable name is */
"AUTH_TYPE=",
cidx++;
for (ep = envp; *ep && cidx < AP_ENVBUF-1; ep++) {
+ if (strncmp(*ep, "HTTP_", 5) == 0) {
+ if (strncmp(*ep + 5, "PROXY=", 6) == 0) {
+ /*
+ * HTTP_PROXY is treated as alias for http_proxy by some
+ * programs.
+ */
+ }
+ else {
+ /* Other HTTP_* are safe */
+ cleanenv[cidx] = *ep;
+ cidx++;
+ }
+ continue;
+ }
for (idx = 0; safe_env_lst[idx]; idx++) {
if (!strncmp(*ep, safe_env_lst[idx],
strlen(safe_env_lst[idx]))) {
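Review bot: The `if (strncmp(*ep + 5, "PROXY=", 6) == 0)` branch has an empty body that contains only a comment, so the variable is dropped solely because nothing is copied before `continue`. That is easy to misread or to break in a later edit. Consider inverting the test so the only statement is the copy, for example `if (strncmp(*ep + 5, "PROXY=", 6) != 0) { cleanenv[cidx++] = *ep; }`, and moving the HTTP_PROXY explanation into a comment above it. The comment should also state that the match is exact and case-sensitive on `HTTP_PROXY=`, so a longer name such as one beginning `HTTP_PROXY_` still falls into the "Other HTTP_* are safe" branch; if that is intended, saying so avoids a later question.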