From: William A. Rowe Jr <wrowe@apache.org>
Date: Thu, 21 Mar 2002 05:55:37 +0000 (+0000)
Subject:   Add the 'CgiCommandArgs off' directive, to allow paranoid admins
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=72f30ab9c3df907cb8b123ea3cc08d5253a3c5d8;p=thirdparty%2Fapache%2Fhttpd.git

  Add the 'CgiCommandArgs off' directive, to allow paranoid admins
  to disable the query argument passing mechanism in Apache.
  [Aaron Bannert]


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@94072 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/src/include/http_core.h b/src/include/http_core.h
index 4b92da8ed16..8ceaf730cff 100644
--- a/src/include/http_core.h
+++ b/src/include/http_core.h
@@ -196,6 +196,12 @@ typedef unsigned long etag_components_t;
 #define ETAG_BACKWARD (ETAG_MTIME | ETAG_INODE | ETAG_SIZE)
 #define ETAG_ALL   (ETAG_MTIME | ETAG_INODE | ETAG_SIZE)
 
+typedef enum {
+    AP_FLAG_UNSET = 0,
+    AP_FLAG_ON = 1,
+    AP_FLAG_OFF = 2
+} ap_flag_e;
+
 typedef struct {
     /* path of the directory/regex/etc.  see also d_is_fnmatch below */
     char *d;
@@ -331,6 +337,12 @@ typedef struct {
     etag_components_t etag_add;
     etag_components_t etag_remove;
 
+    /*
+     * Do we allow ISINDEX CGI scripts to pass their query argument as
+     * direct command line parameters or argv elements?
+     */
+    ap_flag_e cgi_command_args;
+
 } core_dir_config;
 
 /* Per-server core configuration */
diff --git a/src/main/http_core.c b/src/main/http_core.c
index b9770dbfc0e..61c675a3711 100644
--- a/src/main/http_core.c
+++ b/src/main/http_core.c
@@ -346,6 +346,10 @@ static void *merge_core_dir_configs(pool *a, void *basev, void *newv)
         conf->etag_bits &= (~ ETAG_NONE);
     }
 
+    if (new->cgi_command_args != AP_FLAG_UNSET) {
+        conf->cgi_command_args = new->cgi_command_args;
+    }
+
     return (void*)conf;
 }
 
@@ -2908,6 +2912,14 @@ static const char *set_interpreter_source(cmd_parms *cmd, core_dir_config *d,
 }
 #endif
 
+static const char *set_cgi_command_args(cmd_parms *cmd,
+                                              void *mconfig,
+                                              int arg)
+{
+    core_dir_config *cfg = (core_dir_config *)mconfig;
+    cfg->cgi_command_args = arg ? AP_FLAG_ON : AP_FLAG_OFF;
+    return NULL;
+}
 
 #ifdef CHARSET_EBCDIC
 
@@ -3385,6 +3397,8 @@ static const command_rec core_cmds[] = {
 { "ScriptInterpreterSource", set_interpreter_source, NULL, OR_FILEINFO, TAKE1,
   "Where to find interpreter to run Win32 scripts - Registry or Script (shebang line)" },
 #endif
+{ "CGICommandArgs", set_cgi_command_args, NULL, OR_OPTIONS, FLAG,
+  "Allow or Disallow CGI requests to pass args on the command line" },
 { "ServerTokens", set_serv_tokens, NULL, RSRC_CONF, TAKE1,
   "Tokens displayed in the Server: header - Min[imal], OS, Prod[uctOnly], Full" },
 { "LimitRequestLine", set_limit_req_line, NULL, RSRC_CONF, TAKE1,
diff --git a/src/main/util_script.c b/src/main/util_script.c
index faf9a89112e..5b4a6e492cf 100644
--- a/src/main/util_script.c
+++ b/src/main/util_script.c
@@ -769,15 +769,10 @@ API_EXPORT(int) ap_call_exec(request_rec *r, child_info *pinfo, char *argv0,
 			     char **env, int shellcmd)
 {
     int pid = 0;
-#if defined(RLIMIT_CPU)  || defined(RLIMIT_NPROC) || \
-    defined(RLIMIT_DATA) || defined(RLIMIT_VMEM) || defined (RLIMIT_AS)
-
     core_dir_config *conf;
     conf = (core_dir_config *) ap_get_module_config(r->per_dir_config,
 						    &core_module);
 
-#endif
-
 #if !defined(WIN32) && !defined(OS2)
     /* the fd on r->server->error_log is closed, but we need somewhere to
      * put the error messages from the log_* functions. So, we use stderr,
@@ -844,8 +839,11 @@ API_EXPORT(int) ap_call_exec(request_rec *r, child_info *pinfo, char *argv0,
         int env_len, e;
         char *env_block, *env_block_pos;
 
-	if (r->args && r->args[0] && !strchr(r->args, '='))
+	if ((conf->cgi_command_args != AP_FLAG_OFF)
+            && r->args && r->args[0]
+            && !strchr(r->args, '=')) {
 	    args = r->args;
+        }
 	    
 	program = fopen(r->filename, "rt");
 	
@@ -1023,7 +1021,9 @@ API_EXPORT(int) ap_call_exec(request_rec *r, child_info *pinfo, char *argv0,
              * Look at the arguments...
              */
             arguments = "";
-            if ((r->args) && (r->args[0]) && !strchr(r->args, '=')) { 
+            if ((conf->cgi_command_args != AP_FLAG_OFF)
+                 && (r->args) && (r->args[0])
+                 && !strchr(r->args, '=')) { 
                 /* If we are in this leg, there are some other arguments
                  * that we must include in the execution of the CGI.
                  * Because CreateProcess is the way it is, we have to
@@ -1242,7 +1242,9 @@ API_EXPORT(int) ap_call_exec(request_rec *r, child_info *pinfo, char *argv0,
 		   NULL, env);
 	}
 
-	else if ((!r->args) || (!r->args[0]) || strchr(r->args, '=')) {
+	else if ((conf->cgi_command_args == AP_FLAG_OFF)
+            || (!r->args) || (!r->args[0])
+            || strchr(r->args, '=')) {
 	    execle(SUEXEC_BIN, SUEXEC_BIN, execuser, grpname, argv0,
 		   NULL, env);
 	}
@@ -1259,7 +1261,9 @@ API_EXPORT(int) ap_call_exec(request_rec *r, child_info *pinfo, char *argv0,
 	    execle(SHELL_PATH, SHELL_PATH, "-c", argv0, NULL, env);
 	}
 
-	else if ((!r->args) || (!r->args[0]) || strchr(r->args, '=')) {
+	else if ((conf->cgi_command_args == AP_FLAG_OFF)
+            || (!r->args) || (!r->args[0])
+            || strchr(r->args, '=')) {
 	    execle(r->filename, argv0, NULL, env);
 	}