Avoid passing too many characters to getenv. Make sure that only the

environment variable string is passed.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@98625 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/server/util.c b/server/util.c
index 330a5411534e8e1244271fa5a37f209063f270d9..246274edf5db033cbd2e842dec7d2c3c4489e2a5 100644 (file)
--- a/server/util.c
+++ b/server/util.c
@@ -837,8 +837,10 @@ AP_DECLARE(const char *) ap_resolve_env(apr_pool_t *p, const char * word)
                strncat(tmp,word,s - word);
                if ((s[1] == '{') && (e=ap_strchr_c(s,'}'))) {
                        const char *e2 = e;
+                       char *var;
                        word = e + 1;
-                       e = getenv(s+2);
+                       var = apr_pstrndup(p, s+2, e2-(s+2));
+                       e = getenv(var);
                        if (e) {
                            strcat(tmp,e);
                        } else {