Re: apache-ssl's suexec
On Fri, Jan 11, 2002 at 05:24:42PM +0100, Christoph Martin wrote:
> The ssl patch for suexec is the following:
>
> --- ../apache_1.3.19/src/support/suexec.c Mon Jan 15 17:06:40 2001
> +++ ./src/support/suexec.c Fri Mar 23 14:17:51 2001
> @@ -228,7 +228,8 @@
> cidx++;
>
> for (ep = environ; *ep && cidx < AP_ENVBUF-1; ep++) {
> - if (!strncmp(*ep, "HTTP_", 5)) {
> + if (!strncmp(*ep, "HTTP_", 5) || !strncmp(*ep,"HTTPS",5)
> + || !strncmp(*ep,"SSL_",4)) {
> cleanenv[cidx] = *ep;
> cidx++;
> }
>
> I think that is all.
hmm. I don't think that does what it's expected to do. It permits _any_
env var beginng with "HTTPS", when I think what was meant was to allow
the exact string "HTTPS". Otherwise they should be allowing variables
beginning with "HTTPS_".
--
Revolutions do not require corporate support.
Reply to: