From 9f53fda6c26eb3c856993d3ffbfa8d768d3c84f7 Mon Sep 17 00:00:00 2001
From: "William A. Rowe Jr" <wrowe@apache.org>
Date: Thu, 20 Mar 2003 21:50:40 +0000
Subject: [PATCH]   SECURITY:  Eliminated leaks of several file descriptors to
 child   processes, such as CGI scripts.

PR: 17206
Submitted by:	Christian Kratzer <ck@cksoft.de>, Bjoern A. Zeeb <bz@zabbadoz.net>
Reviewed by:	Joe Orton, Will Rowe


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@99032 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES                          | 6 ++++++
 modules/loggers/mod_log_config.c | 1 -
 modules/mappers/mod_rewrite.c    | 1 -
 server/log.c                     | 2 --
 server/mpm/worker/pod.c          | 4 ++++
 server/mpm_common.c              | 4 ++++
 6 files changed, 14 insertions(+), 4 deletions(-)

diff --git a/CHANGES b/CHANGES
index 4c06afa698..db848cef4b 100644
--- a/CHANGES
+++ b/CHANGES
@@ -156,6 +156,12 @@ Changes with Apache 2.1.0-dev
 
 Changes with Apache 2.0.45
 
+  *) SECURITY:  Eliminated leaks of several file descriptors to child
+     processes, such as CGI scripts.  This fix depends on the latest
+     APR library release 0.9.2, which is distributed with the httpd 
+     source tarball for Apache 2.0.45.  PR 17206
+     [Christian Kratzer <ck@cksoft.de>, Bjoern A. Zeeb <bz@zabbadoz.net>]
+
   *) Prevent endless loops of internal redirects in mod_rewrite by
      aborting after exceeding a limit of internal redirects. The
      limit defaults to 10 and can be changed using the RewriteOptions
diff --git a/modules/loggers/mod_log_config.c b/modules/loggers/mod_log_config.c
index 032b806d9b..0e28ac5f99 100644
--- a/modules/loggers/mod_log_config.c
+++ b/modules/loggers/mod_log_config.c
@@ -1300,7 +1300,6 @@ static void *ap_default_log_writer_init(apr_pool_t *p, server_rec *s,
                             "could not open transfer log file %s.", fname);
             return NULL;
         }
-        apr_file_inherit_set(fd);
         return fd;
     }
 }
diff --git a/modules/mappers/mod_rewrite.c b/modules/mappers/mod_rewrite.c
index a5b8fdc7ef..d95249b215 100644
--- a/modules/mappers/mod_rewrite.c
+++ b/modules/mappers/mod_rewrite.c
@@ -3429,7 +3429,6 @@ static void open_rewritelog(server_rec *s, apr_pool_t *p)
                          "file %s", fname);
             exit(1);
         }
-        apr_file_inherit_set(conf->rewritelogfp);
     }
     return;
 }
diff --git a/server/log.c b/server/log.c
index ec7c44acfd..95ab4aa2e8 100644
--- a/server/log.c
+++ b/server/log.c
@@ -320,8 +320,6 @@ static int open_error_log(server_rec *s, apr_pool_t *p)
                          ap_server_argv0, fname);
             return DONE;
         }
-
-        apr_file_inherit_set(s->error_log);
     }
 
     return OK;
diff --git a/server/mpm/worker/pod.c b/server/mpm/worker/pod.c
index e568d229f0..072777c9c7 100644
--- a/server/mpm/worker/pod.c
+++ b/server/mpm/worker/pod.c
@@ -76,6 +76,10 @@ AP_DECLARE(apr_status_t) ap_mpm_pod_open(apr_pool_t *p, ap_pod_t **pod)
 */
     (*pod)->p = p;
     
+    /* close these before exec. */
+    apr_file_unset_inherit((*pod)->pod_in);
+    apr_file_unset_inherit((*pod)->pod_out);
+
     return APR_SUCCESS;
 }
 
diff --git a/server/mpm_common.c b/server/mpm_common.c
index 86e8ceba85..0632ed63ba 100644
--- a/server/mpm_common.c
+++ b/server/mpm_common.c
@@ -410,6 +410,10 @@ AP_DECLARE(apr_status_t) ap_mpm_pod_open(apr_pool_t *p, ap_pod_t **pod)
     apr_sockaddr_info_get(&(*pod)->sa, ap_listeners->bind_addr->hostname,
                           APR_UNSPEC, ap_listeners->bind_addr->port, 0, p);
 
+    /* close these before exec. */
+    apr_file_unset_inherit((*pod)->pod_in);
+    apr_file_unset_inherit((*pod)->pod_out);
+
     return APR_SUCCESS;
 }
 
-- 
2.40.0