From 4893ecda29cc3018c78ea9866fad373732ff2916 Mon Sep 17 00:00:00 2001
From: Stefan Fritsch
Date: Fri, 13 Feb 2015 23:24:10 +0000
Subject: [PATCH] suexec: Filter out HTTP_PROXY

Some programs look there for the http proxy server.

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1659711 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 3 +++
 support/suexec.c | 16 +++++++++++++++-
 2 files changed, 18 insertions(+), 1 deletion(-)

diff --git a/CHANGES b/CHANGES
index 1197bf42fe..fa122774c2 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,9 @@ Changes with Apache 2.5.0 calls r:wsupgrade() can cause a child process crash. [Edward Lu ]
+ *) suexec: Filter out the HTTP_PROXY environment variable because it is
+ treated as alias for http_proxy by some programs. [Stefan Fritsch]
+
 *) mod_proxy_http: Use the "Connection: close" header for requests to backends not recycling connections (disablereuse), including the default reverse and forward proxies. [Yann Ylavic]
diff --git a/support/suexec.c b/support/suexec.c
index 32e73202a4..7cb3957c57 100644
--- a/support/suexec.c
+++ b/support/suexec.c
@@ -91,8 +91,8 @@ static FILE *log = NULL;
 static const char *const safe_env_lst[] = {
 /* variable name starts with */
- "HTTP_",
 "SSL_",
+ /* "HTTP_" is handled specially in clean_env() */
 /* variable name is */
 "AUTH_TYPE=",
@@ -253,6 +253,20 @@ static void clean_env(void)
 cidx++;
 for (ep = envp; *ep && cidx < AP_ENVBUF-1; ep++) {
+ if (strncmp(*ep, "HTTP_", 5) == 0) {
+ if (strncmp(*ep + 5, "PROXY=", 6) == 0) {
+ /*
+ * HTTP_PROXY is treated as alias for http_proxy by some
+ * programs.
+ */
+ }
+ else {
+ /* Other HTTP_* are safe */
+ cleanenv[cidx] = *ep;
+ cidx++;
+ }
+ continue;
+ }
 for (idx = 0; safe_env_lst[idx]; idx++) {
 if (!strncmp(*ep, safe_env_lst[idx], strlen(safe_env_lst[idx]))) {
--
2.40.0
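Review bot: The comment inside the `PROXY=` branch of clean_env() does not say why HTTP_PROXY is unsafe when every other HTTP_* variable is still passed through. HTTP_* names are derived from client request headers under the CGI convention, so the value is client-controlled; a comment such as `/* HTTP_PROXY is set from the client's "Proxy" request header; programs that read it as http_proxy would use a client-chosen proxy, so drop it */` would record that. The branch is also an empty `if` whose only content is that comment; inverting it to `if (strncmp(*ep + 5, "PROXY=", 6) != 0) { cleanenv[cidx++] = *ep; }` removes the empty arm. The filter lives only in the suexec wrapper, so CGI programs started without suexec presumably still receive the variable; that is worth confirming where the server builds the CGI environment. clean_env() starts and ends outside this hunk.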