cvs commit: apachen/src/main util_script.c

1998-01-21 Thread dgaudet
dgaudet 98/01/21 14:31:47

  Modified:src  CHANGES
   src/main util_script.c
  Log:
  Let people shoot themselves by passing Authorization to CGIs if they
  define SECURITY_HOLE_PASS_AUTHORIZATION.
  
  PR:   549
  Submitted by: Marc Slemko
  Reviewed by:  Dean Gaudet, Paul Sutton
  
  Revision  ChangesPath
  1.584 +4 -0  apachen/src/CHANGES
  
  Index: CHANGES
  ===
  RCS file: /export/home/cvs/apachen/src/CHANGES,v
  retrieving revision 1.583
  retrieving revision 1.584
  diff -u -r1.583 -r1.584
  --- CHANGES   1998/01/21 22:27:17 1.583
  +++ CHANGES   1998/01/21 22:31:44 1.584
  @@ -1,5 +1,9 @@
   Changes with Apache 1.3b4
   
  +  *) If you define SECURITY_HOLE_PASS_AUTHORIZATION then the Authorization
  + header will be passed to CGIs.  This is generally a security hole, so
  + it's not a default.  [Marc Slemko] PR#549
  +
 *) Fix Y2K problem with date printing in suexec log.
[Paul Eggert [EMAIL PROTECTED]] PR#1343
 
  
  
  
  1.92  +7 -0  apachen/src/main/util_script.c
  
  Index: util_script.c
  ===
  RCS file: /export/home/cvs/apachen/src/main/util_script.c,v
  retrieving revision 1.91
  retrieving revision 1.92
  diff -u -r1.91 -r1.92
  --- util_script.c 1998/01/14 21:01:08 1.91
  +++ util_script.c 1998/01/21 22:31:46 1.92
  @@ -208,8 +208,15 @@
table_set(e, CONTENT_TYPE, hdrs[i].val);
else if (!strcasecmp(hdrs[i].key, Content-length))
table_set(e, CONTENT_LENGTH, hdrs[i].val);
  + /*
  +  * You really don't want to disable this check, since it leaves you
  +  * wide open to CGIs stealing passwords and people viewing them
  +  * in the environment with ps -e.  But, if you must...
  +  */
  +#ifndef SECURITY_HOLE_PASS_AUTHORIZATION
else if (!strcasecmp(hdrs[i].key, Authorization))
continue;
  +#endif
else
table_set(e, http2env(r-pool, hdrs[i].key), hdrs[i].val);
   }
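Review bot: The new `#ifndef` guards only the `Authorization` comparison, so a `Proxy-Authorization` request header still falls through to the final `else` and is exported to every CGI via `http2env()` whether or not the macro is defined. It carries credentials in the same form and would be just as visible in the child's environment, so the guarded test should cover both: `else if (!strcasecmp(hdrs[i].key, "Authorization") || !strcasecmp(hdrs[i].key, "Proxy-Authorization"))`. The comment could also say that the macro is a build-time switch affecting every CGI the server runs, not a per-directory setting. The enclosing loop starts outside this hunk.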
  
  
  


cvs commit: apachen/src/main util_script.c

1997-12-26 Thread ben
ben 97/12/26 07:52:38

  Modified:src  CHANGES
   src/main util_script.c
  Log:
  Check for executables by looking at the header.
  Submitted by: Jim Patterson [EMAIL PROTECTED]
  Reviewed by:  Ben Laurie
  
  Revision  ChangesPath
  1.542 +4 -0  apachen/src/CHANGES
  
  Index: CHANGES
  ===
  RCS file: /export/home/cvs/apachen/src/CHANGES,v
  retrieving revision 1.541
  retrieving revision 1.542
  diff -u -r1.541 -r1.542
  --- CHANGES   1997/12/24 04:36:11 1.541
  +++ CHANGES   1997/12/26 15:52:35 1.542
  @@ -1,5 +1,9 @@
   Changes with Apache 1.3b4
   
  +  *) WIN32: Check for binaries by looking for the executable header
  + instead of counting control characters.
  +  [Jim Patterson [EMAIL PROTECTED]] PR#1340
  +
 *) ap_snprintf() moved from main/util_snprintf.c to ap/ap_snprintf.c
so the functionality is available to applications other than the
server itself (like the src/support tools).  [Ken Coar]
  
  
  
  1.87  +4 -17 apachen/src/main/util_script.c
  
  Index: util_script.c
  ===
  RCS file: /export/home/cvs/apachen/src/main/util_script.c,v
  retrieving revision 1.86
  retrieving revision 1.87
  diff -u -r1.86 -r1.87
  --- util_script.c 1997/12/07 21:49:54 1.86
  +++ util_script.c 1997/12/26 15:52:37 1.87
  @@ -728,23 +728,10 @@
memmove(interpreter+2,interpreter+i,strlen(interpreter+i)+1);
}
else {
  - /*
  -  * check and see how many control chars. On
  -  * that basis, I will classify it as a text
  -  * or binary file
  -  */
  - int ctrl = 0;
  -
  - for (i = 0; i  sz; i++) {
  - static char *spec = \r\n\t;
  - if (iscntrl(interpreter[i])  !strchr(spec, 
interpreter[i]))
  - ctrl++;
  - }
  - if (ctrl  sz / 10)
  - is_binary = 1;
  - else
  - is_binary = 0;
  -
  +/* Check to see if it's a executable */
  +IMAGE_DOS_HEADER *hdr = (IMAGE_DOS_HEADER*)interpreter;
  +if (hdr-e_magic == IMAGE_DOS_SIGNATURE  hdr-e_cblp  512)
  +is_binary = 1;
}
}
   
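Review bot: The cast `(IMAGE_DOS_HEADER*)interpreter` reads `e_magic` and `e_cblp` without first checking that the buffer holds a whole header. The removed loop bounded itself with `sz`, which looks like the number of bytes actually read, and the new test no longer uses it. For a file shorter than the header, the test examines whatever was left in the buffer, so I would add something like `sz >= sizeof(IMAGE_DOS_HEADER)` as the first term of the condition. The old code also assigned `is_binary = 0` in the other case and the new code does not, so the result now depends on an initialisation outside this hunk. The enclosing function starts and ends outside the hunk.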
  
  
  


cvs commit: apachen/src/main util_script.c

1997-12-07 Thread ben
ben 97/12/07 13:49:55

  Modified:src  CHANGES
   src/main util_script.c
  Log:
  WIN32: Allow spaces to prefix the interpreter in #! lines.
  PR: 1101
  
  Revision  ChangesPath
  1.524 +3 -0  apachen/src/CHANGES
  
  Index: CHANGES
  ===
  RCS file: /export/home/cvs/apachen/src/CHANGES,v
  retrieving revision 1.523
  retrieving revision 1.524
  diff -u -r1.523 -r1.524
  --- CHANGES   1997/12/07 21:28:46 1.523
  +++ CHANGES   1997/12/07 21:49:52 1.524
  @@ -1,5 +1,8 @@
   Changes with Apache 1.3b4
   
  +  *) WIN32: Allow spaces to prefix the interpreter in #! lines.
  + [Ben Laurie] PR#1101
  +
 *) WIN32: Cure file leak in CGIs. [Peter Tillemans [EMAIL PROTECTED]] 
PR#1523
   
 *) proxy_ftp: the directory listings generated by the proxy ftp module
  
  
  
  1.86  +3 -0  apachen/src/main/util_script.c
  
  Index: util_script.c
  ===
  RCS file: /export/home/cvs/apachen/src/main/util_script.c,v
  retrieving revision 1.85
  retrieving revision 1.86
  diff -u -r1.85 -r1.86
  --- util_script.c 1997/11/16 15:45:22 1.85
  +++ util_script.c 1997/12/07 21:49:54 1.86
  @@ -723,6 +723,9 @@
break;
}
interpreter[i] = 0;
  + for (i = 2; interpreter[i] == ' '; ++i)
  + ;
  + memmove(interpreter+2,interpreter+i,strlen(interpreter+i)+1);
}
else {
/*
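Review bot: The skip loop `for (i = 2; interpreter[i] == ' '; ++i)` only steps over spaces, so a `#!` line that puts a tab before the interpreter path still ends up with the tab as the first character of the path. Testing both, `for (i = 2; interpreter[i] == ' ' || interpreter[i] == '\t'; ++i)`, would cover it. The loop relies on the `interpreter[i] = 0;` just above for termination and on the first two bytes being `#!`, which is decided outside this hunk. A one-line comment such as `/* skip blanks after "#!"; buffer was NUL-terminated above */` would make that dependency visible.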
  
  
  


cvs commit: apachen/src/main util_script.c

1997-11-12 Thread ben
ben 97/11/11 16:50:45

  Modified:src/main util_script.c
  Log:
  Hopefully fix winsock in CGI problems.
  Submitted by: Frank Faubert [EMAIL PROTECTED]
  
  Revision  ChangesPath
  1.83  +12 -1 apachen/src/main/util_script.c
  
  Index: util_script.c
  ===
  RCS file: /export/home/cvs/apachen/src/main/util_script.c,v
  retrieving revision 1.82
  retrieving revision 1.83
  diff -u -r1.82 -r1.83
  --- util_script.c 1997/10/24 15:40:55 1.82
  +++ util_script.c 1997/11/12 00:50:44 1.83
  @@ -161,8 +161,10 @@
   server_rec *s = r-server;
   conn_rec *c = r-connection;
   const char *rem_logname;
  -
   char port[40], *env_path;
  +#ifdef WIN32
  +char *env_temp;
  +#endif
   
   array_header *hdrs_arr = table_elts(r-headers_in);
   table_entry *hdrs = (table_entry *) hdrs_arr-elts;
  @@ -196,6 +198,15 @@
   
   if (!(env_path = getenv(PATH)))
env_path = DEFAULT_PATH;
  +
  +#ifdef WIN32
  +if (env_temp = getenv(SystemRoot))
  +table_set(e, SystemRoot, env_temp); 
  +if (env_temp = getenv(COMSPEC))
  +table_set(e, COMSPEC, env_temp);
  +if (env_temp = getenv(WINDIR))
  +table_set(e, WINDIR, env_temp); 
  +#endif
   
   table_set(e, PATH, env_path);
   table_set(e, SERVER_SOFTWARE, SERVER_VERSION);
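Review bot: The three added tests assign inside the condition without extra parentheses, `if (env_temp = getenv("SystemRoot"))`, which reads like a mistyped comparison and draws a warning from compilers that check for it. `if ((env_temp = getenv("SystemRoot")) != NULL)` states the intent, and the same applies to the COMSPEC and WINDIR lines. There is also no comment saying why exactly these variables are copied from the server's environment into the CGI's; the commit log mentions winsock, so a line such as `/* Win32 CGIs appear to need these for winsock to initialise */` above the `#ifdef WIN32` would record that. The `table_set()` lines for SystemRoot and WINDIR carry trailing whitespace.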
  
  
  


cvs commit: apachen/src/main util_script.c

1997-10-24 Thread pcs
pcs 97/10/24 08:40:56

  Modified:src/main util_script.c
  Log:
  Format recent patched code into Apache style
  
  Revision  ChangesPath
  1.82  +6 -5  apachen/src/main/util_script.c
  
  Index: util_script.c
  ===
  RCS file: /export/home/cvs/apachen/src/main/util_script.c,v
  retrieving revision 1.81
  retrieving revision 1.82
  diff -u -r1.81 -r1.82
  --- util_script.c 1997/10/22 20:29:53 1.81
  +++ util_script.c 1997/10/24 15:40:55 1.82
  @@ -734,11 +734,12 @@
   
}
}
  - /* FIXME: Probably ought to do this in another buffer - Ben */
  - /* This really annoys me - Win95 (and not NT) spawn[vl]e don't like 
'/'! - Ben */
  - for(s=r-filename ; *s ; ++s)
  - if(*s == '/')
  - *s='\\';
  + /* FIXME: Probably ought to do this in another buffer - Ben
  +  * This really annoys me - Win95 (and not NT) spawn[vl]e don't 
  + * like '/'! - Ben */
  + for (s = r-filename; *s; ++s)
  + if (*s == '/')
  + *s = '\\';
   
if ((!r-args) || (!r-args[0]) || (ind(r-args, '=') = 0)) {
if (is_exe || is_binary) {
  
  
  


cvs commit: apachen/src/main util_script.c

1997-10-21 Thread pcs
pcs 97/10/21 06:06:36

  Modified:src/main util_script.c
  Log:
  Fix problem causing crash when a CGI is accessed with a ?arg which
  does not contain a =.
  PR: 1030
  
  Revision  ChangesPath
  1.80  +3 -3  apachen/src/main/util_script.c
  
  Index: util_script.c
  ===
  RCS file: /export/home/cvs/apachen/src/main/util_script.c,v
  retrieving revision 1.79
  retrieving revision 1.80
  diff -u -r1.79 -r1.80
  --- util_script.c 1997/10/20 12:08:59 1.79
  +++ util_script.c 1997/10/21 13:06:36 1.80
  @@ -755,13 +755,13 @@
else {
if (is_exe || is_binary) {
pid = spawnve(_P_NOWAIT, r-filename,
  -   create_argv(r-pool, argv0, NULL, NULL, r-args,
  -   (void *) NULL), env);
  +   create_argv(r-pool, NULL, NULL, NULL, argv0, 
  +   r-args), env);
}
else if (is_script) {
ap_assert(0);
pid = spawnve(_P_NOWAIT, interpreter + 2,
  -   create_argv(r-pool, interpreter + 2, NULL, NULL,
  +   create_argv(r-pool, NULL, NULL, NULL,
  r-filename, r-args), env);
}
else {
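Review bot: Both corrected calls pass three bare `NULL`s to `create_argv()`, and the bug fixed here was an argument in the wrong position, so nothing at the call sites tells a reader which slot is which. A short comment above the first call naming what each parameter position means would make the next mistake of this kind easier to spot. `r->args` comes from the request's query string, and how `create_argv()` splits or quotes it is not visible here; since the result goes straight to `spawnve()`, that behaviour is worth stating in the same comment. In the `is_script` branch the `ap_assert(0);` context line sits before the changed call, so that call may never be reached as written. The enclosing function starts and ends outside the hunk.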
  
  
  


cvs commit: apachen/src/main util_script.c

1997-09-13 Thread Rodent of Unusual Size
coar97/09/13 05:15:41

  Modified:src/main util_script.c
  Log:
Add in the final missing #include needed to clean up the
set_last_modified() rework.
  
  Revision  ChangesPath
  1.72  +1 -0  apachen/src/main/util_script.c
  
  Index: util_script.c
  ===
  RCS file: /export/home/cvs/apachen/src/main/util_script.c,v
  retrieving revision 1.71
  retrieving revision 1.72
  diff -u -r1.71 -r1.72
  --- util_script.c 1997/09/12 18:56:05 1.71
  +++ util_script.c 1997/09/13 12:15:39 1.72
  @@ -60,6 +60,7 @@
   #include http_core.h   /* For document_root.  Sigh... */
   #include http_request.h   /* for sub_req_lookup_uri() */
   #include util_script.h
  +#include util_date.h   /* For parseHTTPdate() */
   
   /*
* Various utility functions which are common to a whole lot of