From: André Malo Date: Sat, 22 Feb 2003 18:00:31 +0000 (+0000) Subject: Be more pedantic when cleaning environment. Clean it X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=12626ff89fe0b53abaaf9260323803d550cb2024;p=thirdparty%2Fapache%2Fhttpd.git Be more pedantic when cleaning environment. Clean it immediately after startup. PR: 2790, 10449 Submitted by: Jeff Stewart git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@98761 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/src/CHANGES b/src/CHANGES index 06e8f013280..7cf2d173091 100644 --- a/src/CHANGES +++ b/src/CHANGES @@ -1,5 +1,9 @@ Changes with Apache 1.3.28 + *) suexec: Be more pedantic when cleaning environment. Clean it + immediately after startup. PR 2790, 10449. + [Jeff Stewart , André Malo] + *) Fix apxs to insert LoadModule/AddModule directives only outside of sections. PR 8712, 9012. [André Malo] diff --git a/src/support/suexec.c b/src/support/suexec.c index 39196a72089..54126ba08bf 100644 --- a/src/support/suexec.c +++ b/src/support/suexec.c 
@@ -131,45 +131,49 @@ static FILE *log = NULL; char *safe_env_lst[] = { - "AUTH_TYPE", - "CONTENT_LENGTH", - "CONTENT_TYPE", - "DATE_GMT", - "DATE_LOCAL", - "DOCUMENT_NAME", - "DOCUMENT_PATH_INFO", - "DOCUMENT_ROOT", - "DOCUMENT_URI", - "FILEPATH_INFO", - "GATEWAY_INTERFACE", - "LAST_MODIFIED", - "PATH_INFO", - "PATH_TRANSLATED", - "QUERY_STRING", - "QUERY_STRING_UNESCAPED", - "REMOTE_ADDR", - "REMOTE_HOST", - "REMOTE_IDENT", - "REMOTE_PORT", - "REMOTE_USER", - "REDIRECT_QUERY_STRING", - "REDIRECT_STATUS", - "REDIRECT_URL", - "REQUEST_METHOD", - "REQUEST_URI", - "SCRIPT_FILENAME", - "SCRIPT_NAME", - "SCRIPT_URI", - "SCRIPT_URL", - "SERVER_ADMIN", - "SERVER_NAME", - "SERVER_ADDR", - "SERVER_PORT", - "SERVER_PROTOCOL", - "SERVER_SOFTWARE", - "UNIQUE_ID", - "USER_NAME", - "TZ", + /* variable name starts with */ + "HTTP_", + + /* variable name is */ + "AUTH_TYPE=", + "CONTENT_LENGTH=", + "CONTENT_TYPE=", + "DATE_GMT=", + "DATE_LOCAL=", + "DOCUMENT_NAME=", + "DOCUMENT_PATH_INFO=", + "DOCUMENT_ROOT=", + "DOCUMENT_URI=", + "FILEPATH_INFO=", + "GATEWAY_INTERFACE=", + "LAST_MODIFIED=", + "PATH_INFO=", + "PATH_TRANSLATED=", + "QUERY_STRING=", + "QUERY_STRING_UNESCAPED=", + "REMOTE_ADDR=", + "REMOTE_HOST=", + "REMOTE_IDENT=", + "REMOTE_PORT=", + "REMOTE_USER=", + "REDIRECT_QUERY_STRING=", + "REDIRECT_STATUS=", + "REDIRECT_URL=", + "REQUEST_METHOD=", + "REQUEST_URI=", + "SCRIPT_FILENAME=", + "SCRIPT_NAME=", + "SCRIPT_URI=", + "SCRIPT_URL=", + "SERVER_ADMIN=", + "SERVER_NAME=", + "SERVER_ADDR=", + "SERVER_PORT=", + "SERVER_PROTOCOL=", + "SERVER_SOFTWARE=", + "UNIQUE_ID=", + "USER_NAME=", + "TZ=", NULL }; 
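Review bot: The `"HTTP_"` prefix entry at the top of `safe_env_lst` admits every variable whose name is chosen by the client, since CGI builds these names from request header names. Some CGI runtimes and HTTP client libraries read `HTTP_PROXY` as proxy configuration, so a `Proxy` request header would survive this cleaning. I would document that on the entry, e.g. `/* client-controlled: names and values come from request headers */`, and consider dropping `HTTP_PROXY=` in clean_env before the table lookup. Separately, the table could be declared `static const char *const safe_env_lst[]`, since nothing in the visible hunks writes to it.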
@@ -222,6 +226,16 @@ static void clean_env(void) int cidx = 0; int idx; + /* While cleaning the environment, the environment should be clean. + * (e.g. malloc() may get the name of a file for writing debugging info. + * Bad news if MALLOC_DEBUG_FILE is set to /etc/passwd. Sprintf() may be + * susceptible to bad locale settings....) + * (from PR 2790) + */ + char **envp = environ; + char *empty_ptr = NULL; + + environ = &empty_ptr; /* VERY safe environment */ if ((cleanenv = (char **) calloc(AP_ENVBUF, sizeof(char *))) == NULL) { log_err("emerg: failed to malloc memory for environment\n"); @@ -232,21 +246,15 @@ static void clean_env(void) cleanenv[cidx] = strdup(pathbuf); cidx++; - for (ep = environ; *ep && cidx < AP_ENVBUF-1; ep++) { - if (!strncmp(*ep, "HTTP_", 5)) { - cleanenv[cidx] = *ep; - cidx++; - } - else { - for (idx = 0; safe_env_lst[idx]; idx++) { - if (!strncmp(*ep, safe_env_lst[idx], - strlen(safe_env_lst[idx]))) { - cleanenv[cidx] = *ep; - cidx++; - break; - } - } - } + for (ep = envp; *ep && cidx < AP_ENVBUF-1; ep++) { + for (idx = 0; safe_env_lst[idx]; idx++) { + if (!strncmp(*ep, safe_env_lst[idx], + strlen(safe_env_lst[idx]))) { + cleanenv[cidx] = *ep; + cidx++; + break; + } + } } cleanenv[cidx] = NULL; @@ -273,6 +281,11 @@ int main(int argc, char *argv[]) struct stat dir_info; /* directory info holder */ struct stat prg_info; /* program info holder */ + /* + * Start with a "clean" environment + */ + clean_env(); + prog = argv[0]; /* * Check existence/validity of the UID of the user @@ -595,7 +608,6 @@ int main(int argc, char *argv[]) } umask(SUEXEC_UMASK); #endif /* SUEXEC_UMASK */ - clean_env(); /* * Be sure to close the log file so the CGI can't
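Review bot: In the `@@ -222,6 +226,16 @@` hunk, `environ = &empty_ptr;` points the process environment at an automatic variable of clean_env. That is only safe if every path out of the function either exits or reassigns `environ` first. The reassignment is not visible in these hunks (clean_env continues past them), so I would make the placeholder outlive the call with `static char *empty_ptr = NULL;`. A comment such as `/* environ must never be left pointing at a stack object on return */` would keep a later early return from leaving `environ` dangling.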
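Review bot: In the `@@ -232,21 +246,15 @@` hunk, the context line `cleanenv[cidx] = strdup(pathbuf);` is still unchecked, unlike the `calloc` in the previous hunk. If `strdup` returns NULL, slot 0 becomes the array terminator and everything the loop copies afterwards sits behind it. The CGI would then start with an empty environment, and without the entry built from `pathbuf` (presumably the safe PATH), with nothing logged. Since the commit aims to be more pedantic here, I would add `if (cleanenv[cidx] == NULL)` with the same `log_err` and exit that the calloc failure branch uses. The start of clean_env and its tail are outside this hunk.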