cvs commit: apachen/src/main util_script.c
dgaudet 98/01/21 14:31:47
Modified:src CHANGES src/main util_script.c
Log: Let people shoot themselves by passing Authorization to CGIs if they define SECURITY_HOLE_PASS_AUTHORIZATION.
PR: 549
Submitted by: Marc Slemko
Reviewed by: Dean Gaudet, Paul Sutton
Revision ChangesPath
1.584 +4 -0 apachen/src/CHANGES
Index: CHANGES
===
RCS file: /export/home/cvs/apachen/src/CHANGES,v
retrieving revision 1.583
retrieving revision 1.584
diff -u -r1.583 -r1.584
--- CHANGES 1998/01/21 22:27:17 1.583
+++ CHANGES 1998/01/21 22:31:44 1.584
@@ -1,5 +1,9 @@
 Changes with Apache 1.3b4
+ *) If you define SECURITY_HOLE_PASS_AUTHORIZATION then the Authorization
+ header will be passed to CGIs. This is generally a security hole, so
+ it's not a default. [Marc Slemko] PR#549
+
 *) Fix Y2K problem with date printing in suexec log.
 [Paul Eggert [EMAIL PROTECTED]] PR#1343
1.92 +7 -0 apachen/src/main/util_script.c
Index: util_script.c
===
RCS file: /export/home/cvs/apachen/src/main/util_script.c,v
retrieving revision 1.91
retrieving revision 1.92
diff -u -r1.91 -r1.92
--- util_script.c 1998/01/14 21:01:08 1.91
+++ util_script.c 1998/01/21 22:31:46 1.92
@@ -208,8 +208,15 @@
 table_set(e, CONTENT_TYPE, hdrs[i].val);
 else if (!strcasecmp(hdrs[i].key, Content-length))
 table_set(e, CONTENT_LENGTH, hdrs[i].val);
+ /*
+ * You really don't want to disable this check, since it leaves you
+ * wide open to CGIs stealing passwords and people viewing them
+ * in the environment with ps -e. But, if you must...
+ */
+#ifndef SECURITY_HOLE_PASS_AUTHORIZATION
 else if (!strcasecmp(hdrs[i].key, Authorization))
 continue;
+#endif
 else
 table_set(e, http2env(r-pool, hdrs[i].key), hdrs[i].val);
 }
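Review bot: The skip inside the `#ifndef SECURITY_HOLE_PASS_AUTHORIZATION` branch matches only the `Authorization` header, so a `Proxy-Authorization` header would fall through to the final `else` and be exported to the CGI environment through `http2env()` even in a default build. If that is not intended, the test could cover both, e.g. `else if (!strcasecmp(hdrs[i].key, "Authorization") || !strcasecmp(hdrs[i].key, "Proxy-Authorization"))`. The macro is also a build-wide switch that leaves no runtime trace; one more line in the comment stating that every CGI on the server then receives the client's credentials would help whoever audits a build that defines it. The header loop this `else if` chain belongs to starts outside the hunk.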
cvs commit: apachen/src/main util_script.c
ben 97/12/26 07:52:38
Modified:src CHANGES src/main util_script.c
Log: Check for executables by looking at the header.
Submitted by: Jim Patterson [EMAIL PROTECTED]
Reviewed by: Ben Laurie
Revision ChangesPath
1.542 +4 -0 apachen/src/CHANGES
Index: CHANGES
===
RCS file: /export/home/cvs/apachen/src/CHANGES,v
retrieving revision 1.541
retrieving revision 1.542
diff -u -r1.541 -r1.542
--- CHANGES 1997/12/24 04:36:11 1.541
+++ CHANGES 1997/12/26 15:52:35 1.542
@@ -1,5 +1,9 @@
 Changes with Apache 1.3b4
+ *) WIN32: Check for binaries by looking for the executable header
+ instead of counting control characters.
+ [Jim Patterson [EMAIL PROTECTED]] PR#1340
+
 *) ap_snprintf() moved from main/util_snprintf.c to ap/ap_snprintf.c so the functionality is available to applications other than the server itself (like the src/support tools). [Ken Coar]
1.87 +4 -17 apachen/src/main/util_script.c
Index: util_script.c
===
RCS file: /export/home/cvs/apachen/src/main/util_script.c,v
retrieving revision 1.86
retrieving revision 1.87
diff -u -r1.86 -r1.87
--- util_script.c 1997/12/07 21:49:54 1.86
+++ util_script.c 1997/12/26 15:52:37 1.87
@@ -728,23 +728,10 @@
 memmove(interpreter+2,interpreter+i,strlen(interpreter+i)+1);
 }
 else {
- /*
- * check and see how many control chars. On
- * that basis, I will classify it as a text
- * or binary file
- */
- int ctrl = 0;
-
- for (i = 0; i sz; i++) {
- static char *spec = \r\n\t;
- if (iscntrl(interpreter[i]) !strchr(spec, interpreter[i]))
- ctrl++;
- }
- if (ctrl sz / 10)
- is_binary = 1;
- else
- is_binary = 0;
-
+/* Check to see if it's a executable */
+IMAGE_DOS_HEADER *hdr = (IMAGE_DOS_HEADER*)interpreter;
+if (hdr-e_magic == IMAGE_DOS_SIGNATURE hdr-e_cblp 512)
+is_binary = 1;
 }
 }
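Review bot: The new header test reads `hdr->e_magic` and `hdr->e_cblp` from `interpreter` without first checking that the number of bytes read (`sz`, which the removed loop used as its bound) covers those fields, so a very short file is classified from whatever the buffer held before the read. A guard such as `sz >= sizeof(IMAGE_DOS_HEADER)` placed first in the condition keeps the decision on data that came from the file; the operators on that condition line are lost in this rendering, so the `e_cblp` bound is not restated here. The removed code also assigned `is_binary = 0` on the non-binary path, so the new version depends on `is_binary` being initialised before this block, which is outside the hunk. Casting the `char` buffer to `IMAGE_DOS_HEADER *` assumes `interpreter` is suitably aligned; copying the two fields out with `memcpy` would remove that assumption.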
cvs commit: apachen/src/main util_script.c
ben 97/12/07 13:49:55
Modified:src CHANGES src/main util_script.c
Log: WIN32: Allow spaces to prefix the interpreter in #! lines.
PR: 1101
Revision ChangesPath
1.524 +3 -0 apachen/src/CHANGES
Index: CHANGES
===
RCS file: /export/home/cvs/apachen/src/CHANGES,v
retrieving revision 1.523
retrieving revision 1.524
diff -u -r1.523 -r1.524
--- CHANGES 1997/12/07 21:28:46 1.523
+++ CHANGES 1997/12/07 21:49:52 1.524
@@ -1,5 +1,8 @@
 Changes with Apache 1.3b4
+ *) WIN32: Allow spaces to prefix the interpreter in #! lines.
+ [Ben Laurie] PR#1101
+
 *) WIN32: Cure file leak in CGIs. [Peter Tillemans [EMAIL PROTECTED]] PR#1523
 *) proxy_ftp: the directory listings generated by the proxy ftp module
1.86 +3 -0 apachen/src/main/util_script.c
Index: util_script.c
===
RCS file: /export/home/cvs/apachen/src/main/util_script.c,v
retrieving revision 1.85
retrieving revision 1.86
diff -u -r1.85 -r1.86
--- util_script.c 1997/11/16 15:45:22 1.85
+++ util_script.c 1997/12/07 21:49:54 1.86
@@ -723,6 +723,9 @@
 break;
 }
 interpreter[i] = 0;
+ for (i = 2; interpreter[i] == ' '; ++i)
+ ;
+ memmove(interpreter+2,interpreter+i,strlen(interpreter+i)+1);
 }
 else {
 /*
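Review bot: Only `' '` is skipped after the `#!` marker, so a tab in front of the interpreter path still ends up in the path; `for (i = 2; interpreter[i] == ' ' || interpreter[i] == '\t'; ++i)` would handle both. The scan stops at the terminator written by `interpreter[i] = 0;` on the context line above, so it stays inside the string, but a line holding nothing except blanks leaves `interpreter + 2` empty, and nothing in the hunk rejects that before the value is used as a program path further down (outside the hunk). An explicit empty-path check after the `memmove` would turn that case into a clean error.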
cvs commit: apachen/src/main util_script.c
ben 97/11/11 16:50:45
Modified:src/main util_script.c
Log: Hopefully fix winsock in CGI problems.
Submitted by: Frank Faubert [EMAIL PROTECTED]
Revision ChangesPath
1.83 +12 -1 apachen/src/main/util_script.c
Index: util_script.c
===
RCS file: /export/home/cvs/apachen/src/main/util_script.c,v
retrieving revision 1.82
retrieving revision 1.83
diff -u -r1.82 -r1.83
--- util_script.c 1997/10/24 15:40:55 1.82
+++ util_script.c 1997/11/12 00:50:44 1.83
@@ -161,8 +161,10 @@
 server_rec *s = r-server;
 conn_rec *c = r-connection;
 const char *rem_logname;
-
 char port[40], *env_path;
+#ifdef WIN32
+char *env_temp;
+#endif
 array_header *hdrs_arr = table_elts(r-headers_in);
 table_entry *hdrs = (table_entry *) hdrs_arr-elts;
@@ -196,6 +198,15 @@
 if (!(env_path = getenv(PATH)))
 env_path = DEFAULT_PATH;
+
+#ifdef WIN32
+if (env_temp = getenv(SystemRoot))
+table_set(e, SystemRoot, env_temp);
+if (env_temp = getenv(COMSPEC))
+table_set(e, COMSPEC, env_temp);
+if (env_temp = getenv(WINDIR))
+table_set(e, WINDIR, env_temp);
+#endif
 table_set(e, PATH, env_path);
 table_set(e, SERVER_SOFTWARE, SERVER_VERSION);
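Review bot: The three added tests in the second hunk use a bare assignment as the condition (`if (env_temp = getenv(...))`), which reads like a mistyped comparison and draws compiler warnings; `if ((env_temp = getenv("SystemRoot")) != NULL)` states the intent. The added lines in both hunks also appear to start in the first column after the `+`, unlike the other statements shown. A short comment saying why exactly these three variables are copied from the server's own environment into the CGI environment (the log only says "winsock in CGI problems") would record that this is a deliberate allow-list and not a general pass-through. The function both hunks belong to starts and ends outside them.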
cvs commit: apachen/src/main util_script.c
pcs 97/10/24 08:40:56
Modified:src/main util_script.c
Log: Format recent patched code into Apache style
Revision ChangesPath
1.82 +6 -5 apachen/src/main/util_script.c
Index: util_script.c
===
RCS file: /export/home/cvs/apachen/src/main/util_script.c,v
retrieving revision 1.81
retrieving revision 1.82
diff -u -r1.81 -r1.82
--- util_script.c 1997/10/22 20:29:53 1.81
+++ util_script.c 1997/10/24 15:40:55 1.82
@@ -734,11 +734,12 @@
 }
 }
- /* FIXME: Probably ought to do this in another buffer - Ben */
- /* This really annoys me - Win95 (and not NT) spawn[vl]e don't like '/'! - Ben */
- for(s=r-filename ; *s ; ++s)
- if(*s == '/')
- *s='\\';
+ /* FIXME: Probably ought to do this in another buffer - Ben
+ * This really annoys me - Win95 (and not NT) spawn[vl]e don't
+ * like '/'! - Ben */
+ for (s = r-filename; *s; ++s)
+ if (*s == '/')
+ *s = '\\';
 if ((!r-args) || (!r-args[0]) || (ind(r-args, '=') = 0)) {
 if (is_exe || is_binary) {
cvs commit: apachen/src/main util_script.c
pcs 97/10/21 06:06:36
Modified:src/main util_script.c
Log: Fix problem causing crash when a CGI is accessed with a ?arg wich does not contain a =.
PR: 1030
Revision ChangesPath
1.80 +3 -3 apachen/src/main/util_script.c
Index: util_script.c
===
RCS file: /export/home/cvs/apachen/src/main/util_script.c,v
retrieving revision 1.79
retrieving revision 1.80
diff -u -r1.79 -r1.80
--- util_script.c 1997/10/20 12:08:59 1.79
+++ util_script.c 1997/10/21 13:06:36 1.80
@@ -755,13 +755,13 @@
 else {
 if (is_exe || is_binary) {
 pid = spawnve(_P_NOWAIT, r-filename,
- create_argv(r-pool, argv0, NULL, NULL, r-args,
- (void *) NULL), env);
+ create_argv(r-pool, NULL, NULL, NULL, argv0,
+ r-args), env);
 }
 else if (is_script) {
 ap_assert(0);
 pid = spawnve(_P_NOWAIT, interpreter + 2,
- create_argv(r-pool, interpreter + 2, NULL, NULL,
+ create_argv(r-pool, NULL, NULL, NULL,
 r-filename, r-args), env);
 }
 else {
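Review bot: The fix is entirely about which positional slot each value occupies in `create_argv(...)`, and with three consecutive `NULL`s that is hard to verify by eye; a one-line comment above each call naming the slots would prevent a repeat, e.g. `/* create_argv(pool, path, user, group, argv0, args) */`, assuming that is the parameter order, which the hunk does not show. `r->args` comes from the request's query string and is passed through to the child's argument vector, so it is worth confirming that `create_argv` (defined outside the hunk) escapes or splits it safely before `spawnve` receives it. In the `is_script` branch the edited call follows `ap_assert(0);`, so as shown it cannot be reached; a comment saying why the assertion is there would help the next reader.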
cvs commit: apachen/src/main util_script.c
coar97/09/13 05:15:41
Modified:src/main util_script.c
Log: Add in the final missing #include needed to clean up the set_last_modified() rework.
Revision ChangesPath
1.72 +1 -0 apachen/src/main/util_script.c
Index: util_script.c
===
RCS file: /export/home/cvs/apachen/src/main/util_script.c,v
retrieving revision 1.71
retrieving revision 1.72
diff -u -r1.71 -r1.72
--- util_script.c 1997/09/12 18:56:05 1.71
+++ util_script.c 1997/09/13 12:15:39 1.72
@@ -60,6 +60,7 @@
 #include http_core.h /* For document_root. Sigh... */
 #include http_request.h /* for sub_req_lookup_uri() */
 #include util_script.h
+#include util_date.h /* For parseHTTPdate() */
 /*
 * Various utility functions which are common to a whole lot of