Resolves: #2073459 - Cannot override LD_LIBARY_PATH in Apache HTTPD using

SetEnv or PassEnv
This commit is contained in:
Luboš Uhliarik 2022-04-11 15:13:04 +02:00
parent c3884c0db7
commit 30c01a09c1
2 changed files with 89 additions and 1 deletions

View File

@ -0,0 +1,81 @@
diff --git a/server/util_script.c b/server/util_script.c
index 4121ae0..b7f8674 100644
--- a/server/util_script.c
+++ b/server/util_script.c
@@ -92,9 +92,21 @@ static void add_unless_null(apr_table_t *table, const char *name, const char *va
}
}
-static void env2env(apr_table_t *table, const char *name)
+/* Sets variable @name in table @dest from r->subprocess_env if
+ * available, else from the environment, else from @fallback if
+ * non-NULL. */
+static void env2env(apr_table_t *dest, request_rec *r,
+ const char *name, const char *fallback)
{
- add_unless_null(table, name, getenv(name));
+ const char *val;
+
+ val = apr_table_get(r->subprocess_env, name);
+ if (!val)
+ val = apr_pstrdup(r->pool, getenv(name));
+ if (!val)
+ val = apr_pstrdup(r->pool, fallback);
+ if (val)
+ apr_table_addn(dest, name, val);
}
AP_DECLARE(char **) ap_create_environment(apr_pool_t *p, apr_table_t *t)
@@ -211,37 +223,29 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r)
add_unless_null(e, http2env(r, hdrs[i].key), hdrs[i].val);
}
- env_temp = apr_table_get(r->subprocess_env, "PATH");
- if (env_temp == NULL) {
- env_temp = getenv("PATH");
- }
- if (env_temp == NULL) {
- env_temp = DEFAULT_PATH;
- }
- apr_table_addn(e, "PATH", apr_pstrdup(r->pool, env_temp));
-
+ env2env(e, r, "PATH", DEFAULT_PATH);
#if defined(WIN32)
- env2env(e, "SystemRoot");
- env2env(e, "COMSPEC");
- env2env(e, "PATHEXT");
- env2env(e, "WINDIR");
+ env2env(e, r, "SystemRoot", NULL);
+ env2env(e, r, "COMSPEC", NULL);
+ env2env(e, r, "PATHEXT", NULL);
+ env2env(e, r, "WINDIR", NULL);
#elif defined(OS2)
- env2env(e, "COMSPEC");
- env2env(e, "ETC");
- env2env(e, "DPATH");
- env2env(e, "PERLLIB_PREFIX");
+ env2env(e, r, "COMSPEC", NULL);
+ env2env(e, r, "ETC", NULL);
+ env2env(e, r, "DPATH", NULL);
+ env2env(e, r, "PERLLIB_PREFIX", NULL);
#elif defined(BEOS)
- env2env(e, "LIBRARY_PATH");
+ env2env(e, r, "LIBRARY_PATH", NULL);
#elif defined(DARWIN)
- env2env(e, "DYLD_LIBRARY_PATH");
+ env2env(e, r, "DYLD_LIBRARY_PATH", NULL);
#elif defined(_AIX)
- env2env(e, "LIBPATH");
+ env2env(e, r, "LIBPATH", NULL);
#elif defined(__HPUX__)
/* HPUX PARISC 2.0W knows both, otherwise redundancy is harmless */
- env2env(e, "SHLIB_PATH");
- env2env(e, "LD_LIBRARY_PATH");
+ env2env(e, r, "SHLIB_PATH", NULL);
+ env2env(e, r, "LD_LIBRARY_PATH", NULL);
#else /* Some Unix */
- env2env(e, "LD_LIBRARY_PATH");
+ env2env(e, r, "LD_LIBRARY_PATH", NULL);
#endif
apr_table_addn(e, "SERVER_SIGNATURE", ap_psignature("", r));

View File

@ -13,7 +13,7 @@
Summary: Apache HTTP Server Summary: Apache HTTP Server
Name: httpd Name: httpd
Version: 2.4.51 Version: 2.4.51
Release: 7%{?dist} Release: 8%{?dist}
URL: https://httpd.apache.org/ URL: https://httpd.apache.org/
Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2 Source0: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2
Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc Source1: https://www.apache.org/dist/httpd/httpd-%{version}.tar.bz2.asc
@ -107,6 +107,8 @@ Patch64: httpd-2.4.48-full-release.patch
Patch65: httpd-2.4.51-r1877397.patch Patch65: httpd-2.4.51-r1877397.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1938740 # https://bugzilla.redhat.com/show_bug.cgi?id=1938740
Patch66: httpd-2.4.51-r1892413+.patch Patch66: httpd-2.4.51-r1892413+.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=2073459
Patch67: httpd-2.4.51-r1811831.patch
# Security fixes # Security fixes
# https://bugzilla.redhat.com/show_bug.cgi?id=2034674 # https://bugzilla.redhat.com/show_bug.cgi?id=2034674
@ -269,6 +271,7 @@ written in the Lua programming language.
%patch64 -p1 -b .full-release %patch64 -p1 -b .full-release
%patch65 -p1 -b .r1877397 %patch65 -p1 -b .r1877397
%patch66 -p1 -b .r1892413+ %patch66 -p1 -b .r1892413+
%patch67 -p1 -b .r1811831
%patch200 -p1 -b .CVE-2021-44790 %patch200 -p1 -b .CVE-2021-44790
%patch201 -p1 -b .CVE-2022-22720 %patch201 -p1 -b .CVE-2022-22720
@ -819,6 +822,10 @@ exit $rv
%{_rpmconfigdir}/macros.d/macros.httpd %{_rpmconfigdir}/macros.d/macros.httpd
%changelog %changelog
* Mon Apr 11 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.51-8
- Resolves: #2073459 - Cannot override LD_LIBARY_PATH in Apache HTTPD using
SetEnv or PassEnv
* Mon Mar 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.51-7 * Mon Mar 21 2022 Luboš Uhliarik <luhliari@redhat.com> - 2.4.51-7
- Resolves: #2065251 - CVE-2022-22720 httpd: HTTP request smuggling - Resolves: #2065251 - CVE-2022-22720 httpd: HTTP request smuggling
vulnerability in Apache HTTP Server 2.4.52 and earlier vulnerability in Apache HTTP Server 2.4.52 and earlier