From 55c244c694d68cb578551c372fc2364caccebae1 Mon Sep 17 00:00:00 2001
From: Stefan Fritsch
Date: Fri, 2 Mar 2012 20:06:34 +0000
Subject: [PATCH] Fix insecure handling of LD_LIBRARY_PATH that could lead to the current working directory to be searched for DSOs CVE-2012-0883
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1296428 13f79535-47bb-0310-9956-ffa450edef68
---
 CHANGES | 4 ++++
 support/envvars-std.in | 6 +++++-
 2 files changed, 9 insertions(+), 1 deletion(-)
diff --git a/CHANGES b/CHANGES
index 5e7f017f6fb..a3b1d3a1c28 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,10 @@
 -*- coding: utf-8 -*-
 Changes with Apache 2.5.0
+ *) SECURITY: CVE-2012-0883 (cve.mitre.org)
+ envvars: Fix insecure handling of LD_LIBRARY_PATH that could lead to the
+ current working directory to be searched for DSOs. [Stefan Fritsch]
+
 *) Fix MPM DSO load failure on AIX. [Jeff Trawick]
 *) core: Add the port number to the vhost's name in the scoreboard.
diff --git a/support/envvars-std.in b/support/envvars-std.in
index cf50c5c75e5..9493bc749ca 100644
--- a/support/envvars-std.in
+++ b/support/envvars-std.in
@@ -18,7 +18,11 @@
 #
 # This file is generated from envvars-std.in
 #
-@SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
+if test "x$@SHLIBPATH_VAR@" != "x" ; then
+ @SHLIBPATH_VAR@="@exp_libdir@:$@SHLIBPATH_VAR@"
+else
+ @SHLIBPATH_VAR@="@exp_libdir@"
+fi
 export @SHLIBPATH_VAR@
 #
 @OS_SPECIFIC_VARS@
--
2.47.3
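Review bot: The new guard `if test "x$@SHLIBPATH_VAR@" != "x"` in support/envvars-std.in only covers an unset or empty variable. An inherited value that itself holds an empty element (a leading or trailing `:`, or `::`) is still appended unchanged in the `then` branch, so the loader would keep treating that element as the current working directory. If this file is sourced by a start-up script run with elevated privileges (not visible in the hunk), that leftover case is worth either sanitizing or documenting. At minimum, add a comment above the test so the conditional is not later simplified back to the one-line form, e.g. `# An empty element in @SHLIBPATH_VAR@ makes the loader search the current directory; only the empty-variable case is handled here.`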