From: Guenter Knauf Date: Sat, 29 Oct 2011 19:44:45 +0000 (+0000) Subject: Applied backport: Invert logic for env var utf-8 fixing. X-Git-Tag: 2.2.22~96 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=25d44f350dd4a1b4e3dc54f28a9d030119a5537f;p=thirdparty%2Fapache%2Fhttpd.git Applied backport: Invert logic for env var utf-8 fixing. Now we exclude a list of vars which we know for sure they dont hold utf-8 chars; all other vars will be fixed. This has the benefit that now also all vars from 3rd-party modules will be fixed. git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1194999 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index e8d2c25dcb3..e5a97b2cd55 100644 --- a/CHANGES +++ b/CHANGES @@ -1,6 +1,12 @@ -*- coding: utf-8 -*- Changes with Apache 2.2.22 + *) mod_win32: Invert logic for env var UTF-8 fixing. + Now we exclude a list of vars which we know for sure they dont hold UTF-8 + chars; all other vars will be fixed. This has the benefit that now also + all vars from 3rd-party modules will be fixed. PR 13029 / 34985. + [Guenter Knauf] + *) SECURITY: CVE-2011-3368 (cve.mitre.org) Reject requests where the request-URI does not match the HTTP specification, preventing unexpected expansion of target URLs in diff --git a/STATUS b/STATUS index 4255835862e..edb46f00f96 100644 --- a/STATUS +++ b/STATUS 
@@ -92,18 +92,6 @@ RELEASE SHOWSTOPPERS: PATCHES ACCEPTED TO BACKPORT FROM TRUNK: [ start all new proposals below, under PATCHES PROPOSED. ] - * mod_win32: Invert logic for env var UTF-8 fixing. - Now we exclude a list of vars which we know for sure they - dont hold UTF-8 chars; all other vars will be fixed. This - has the benefit that now also all vars from 3rd-party modules - will be fixed. This fix is based on PR 13029 / 34985, and - includes now the SSL_ and GEOIP_ vars; otherwise its impossible - to run CGIs when mod_ssl and/or mod_geoip are loaded and those - mods return UTF-8 chars in any var during a request. - Trunk patch: http://svn.apache.org/viewvc/httpd/httpd/trunk/modules/arch/win32/mod_win32.c?r1=1054347&r2=1146932 - 2.2.x patch: http://people.apache.org/~fuankg/diffs/2.2.x-mod_win32.c.diff - +1: fuankg, gsmith, rjung - * mod_log_config: Fix segfault for 'BufferedLogs Off'. PR 50861. Trunk patch: http://svn.apache.org/viewvc?view=revision&revision=1082518 2.2.x patch: Trunk patch works diff --git a/modules/arch/win32/mod_win32.c b/modules/arch/win32/mod_win32.c index c2397ea1750..d22ebb8c798 100644 --- a/modules/arch/win32/mod_win32.c +++ b/modules/arch/win32/mod_win32.c 
@@ -531,13 +531,13 @@ static apr_status_t ap_cgi_build_command(const char **cmd, const char ***argv, * application (following the OEM or Ansi code page in effect.) */ for (i = 0; i < elts_arr->nelts; ++i) { - if (win_nt && elts[i].key && *elts[i].key - && (strncmp(elts[i].key, "HTTP_", 5) == 0 - || strncmp(elts[i].key, "SERVER_", 7) == 0 - || strncmp(elts[i].key, "REQUEST_", 8) == 0 - || strcmp(elts[i].key, "QUERY_STRING") == 0 - || strcmp(elts[i].key, "PATH_INFO") == 0 - || strcmp(elts[i].key, "PATH_TRANSLATED") == 0)) { + if (win_nt && elts[i].key && *elts[i].key && *elts[i].val + && !(strncmp(elts[i].key, "REMOTE_", 7) == 0 + || strcmp(elts[i].key, "GATEWAY_INTERFACE") == 0 + || strcmp(elts[i].key, "REQUEST_METHOD") == 0 + || strcmp(elts[i].key, "SERVER_ADDR") == 0 + || strcmp(elts[i].key, "SERVER_PORT") == 0 + || strcmp(elts[i].key, "SERVER_PROTOCOL") == 0)) { prep_string((const char**) &elts[i].val, r->pool); } }
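Review bot: In the CHANGES hunk, the new entry says a list of variables is excluded but does not name them, so an administrator reading the changelog cannot tell which CGI environment variables now reach scripts converted and which do not. Suggest listing the excluded names (REMOTE_*, GATEWAY_INTERFACE, REQUEST_METHOD, SERVER_ADDR, SERVER_PORT, SERVER_PROTOCOL) in the entry, and correcting "dont" to "don't" while there.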
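Review bot: In the mod_win32.c hunk, the new condition dereferences `*elts[i].val` without first checking that `elts[i].val` is non-NULL, whereas the key is guarded as `elts[i].key && *elts[i].key`. If a table entry can carry a NULL value, the loop faults before prep_string is reached; suggest writing `elts[i].val && *elts[i].val`. Separately, with the logic inverted, every variable not matched by the inline list is now passed to prep_string, including values set by third-party modules, so that list is the only thing that keeps a variable unconverted. A comment above the condition stating why each excluded name is known not to hold UTF-8, or a static array of excluded names, would make later additions easier to review than a growing chain of strcmp calls.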