From: Graham Leggett <minfrin@apache.org>
Date: Sun, 5 Jul 2020 12:58:58 +0000 (+0000)
Subject:   *) mod_proxy_fcgi: Don't unset when condition is false. PR64365
X-Git-Tag: 2.4.44~49
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e5a20cf485aa22e72a0e12bc3793a00d42ad15f3;p=thirdparty%2Fapache%2Fhttpd.git

  *) mod_proxy_fcgi: Don't unset when condition is false. PR64365
     trunk patch:
        - http://svn.apache.org/r1877829
        - http://svn.apache.org/r1877830
     2.4.x patch: svn merge -c 1877829,1877830 ^/httpd/httpd/trunk .
    +1: covener, ylavic, rpluem


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1879525 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/CHANGES b/CHANGES
index 40fa12e9c38..f8ffce7b6ed 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,9 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.4.44
 
+  *) mod_proxy_fcgi: ProxyFCGISetEnvIf unsets variables when expression
+     evaluates to false.  PR64365. [Michael KÃ¶nig <mail ikoenig.net>]
+
   *) mod_proxy_http: flush spooled request body in one go to avoid
      leaking (or long lived) temporary file. PR 64452. [Yann Ylavic]
 
diff --git a/STATUS b/STATUS
index b8686778b59..1861c579da8 100644
--- a/STATUS
+++ b/STATUS
@@ -135,12 +135,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-  *) mod_proxy_fcgi: Don't unset when condition is false. PR64365
-     trunk patch:
-        - http://svn.apache.org/r1877829
-        - http://svn.apache.org/r1877830
-     2.4.x patch: svn merge -c 1877829,1877830 ^/httpd/httpd/trunk .
-    +1: covener, ylavic, rpluem
 
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
diff --git a/modules/proxy/mod_proxy_fcgi.c b/modules/proxy/mod_proxy_fcgi.c
index 2e97408f3f7..eeb32375f40 100644
--- a/modules/proxy/mod_proxy_fcgi.c
+++ b/modules/proxy/mod_proxy_fcgi.c
@@ -164,7 +164,7 @@ static int proxy_fcgi_canon(request_rec *r, char *url)
   ProxyFCGISetEnvIf "reqenv('PATH_INFO') =~ m#/foo(\d+)\.php$#" PATH_INFO "/foo.php"
   ProxyFCGISetEnvIf "reqenv('PATH_TRANSLATED') =~ m#(/.*foo)(\d+)(.*)#" PATH_TRANSLATED "$1$3"
 */
-static void fix_cgivars(request_rec *r, fcgi_dirconf_t *dconf)
+static apr_status_t fix_cgivars(request_rec *r, fcgi_dirconf_t *dconf)
 {
     sei_entry *entries;
     const char *err, *src;
@@ -175,10 +175,21 @@ static void fix_cgivars(request_rec *r, fcgi_dirconf_t *dconf)
     for (i = 0; i < dconf->env_fixups->nelts; i++) {
         sei_entry *entry = &entries[i];
 
+        rc = ap_expr_exec_re(r, entry->cond, AP_MAX_REG_MATCH, regm, &src, &err);
+        if (rc < 0) { 
+            ap_log_rerror(APLOG_MARK, APLOG_ERR, 0, r, APLOGNO() 
+                          "fix_cgivars: Condition eval returned %d: %s", 
+                          rc, err);
+            return APR_EGENERAL;
+        }
+        else if (rc == 0) { 
+            continue; /* evaluated false */
+        }
+
         if (entry->envname[0] == '!') {
             apr_table_unset(r->subprocess_env, entry->envname+1);
         }
-        else if (0 < (rc = ap_expr_exec_re(r, entry->cond, AP_MAX_REG_MATCH, regm, &src, &err)))  {
+        else {
             const char *val = ap_expr_str_exec_re(r, entry->subst, AP_MAX_REG_MATCH, regm, &src, &err);
             if (err) {
                 ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, APLOGNO(03514)
@@ -195,10 +206,8 @@ static void fix_cgivars(request_rec *r, fcgi_dirconf_t *dconf)
             }
             apr_table_setn(r->subprocess_env, entry->envname, val);
         }
-        else {
-            ap_log_rerror(APLOG_MARK, APLOG_TRACE8, 0, r, "fix_cgivars: Condition returned %d", rc);
-        }
     }
+    return APR_SUCCESS;
 }
 
 /* Wrapper for apr_socket_sendv that handles updating the worker stats. */
@@ -367,7 +376,9 @@ static apr_status_t send_environment(proxy_conn_rec *conn, request_rec *r,
     /* XXX are there any FastCGI specific env vars we need to send? */
 
     /* Give admins final option to fine-tune env vars */
-    fix_cgivars(r, dconf);
+    if (APR_SUCCESS != (rv = fix_cgivars(r, dconf))) { 
+        return rv;
+    }
 
     /* XXX mod_cgi/mod_cgid use ap_create_environment here, which fills in
      *     the TZ value specially.  We could use that, but it would mean
