There's no great need for `ucgi' to have a fierce whitelist of
environment variables to be passed to the service. We'll assume that
the webserver hasn't put any critical secrets in its environment with
unfortunate names; and the service shouldn't put any trust in the
caller's filtering anyway. If the webserver end takes a more relaxed
approach, we can leave questions of policy regarding environment
filtering largely up to the service -- which is the bit that users
actually have some control over.
To this end, therefore, move the main whitelist to `ucgitarget.c', and
put a small list, containing some wildcard patterns, in `ucgi.c'.
+static const char *const envok[] = {
+ "AUTH_TYPE",
+ "CONTENT_TYPE",
+ "CONTENT_LENGTH",
+ "DOCUMENT_ROOT",
+ "GATEWAY_INTERFACE",
+ "HTTP_*",
+ "HTTPS",
+ "PATH_INFO",
+ "PATH_TRANSLATED",
+ "QUERY_STRING",
+ "REMOTE_*",
+ "REQUEST_METHOD",
+ "REQUEST_URI",
+ "SCRIPT_*",
+ "SERVER_*",
+ 0
+};
+
struct buildargs {
const char **v;
int n, max;
struct buildargs {
const char **v;
int n, max;
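Review bot: The `"HTTP_*"` entry in the new `envok[]` forwards every request header the webserver exports as a variable, which on typical CGI servers includes `HTTP_PROXY` built from a client-supplied `Proxy:` header. From this commit on, the strict list moved to `ucgitarget.c` is the only thing between client-chosen variable names and the service. That matches the commit message, but nothing at the array says so; I would put a comment above it such as `/* Deliberately permissive pre-filter, not a security boundary: the target side (ucgitarget.c) applies the real whitelist. */`. The patterns only work if the filter call passes `FILTF_WILDCARD`, and that call is not visible in this hunk, so it should be confirmed as updated in the same commit. Both files now define a file-local `envok` with different contents, so distinct names (for example `envok_relaxed` here) would make the two policies harder to confuse.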
void *p);
#define FILTF_WILDCARD 1u
void *p);
#define FILTF_WILDCARD 1u
-extern const char *const envok[];
-extern const int nenvok;
extern int debugmode;
#endif
extern int debugmode;
#endif
-const char *const envok[]= {
- "AUTH_TYPE",
- "CONTENT_LENGTH",
- "CONTENT_TYPE",
- "DOCUMENT_ROOT",
- "GATEWAY_INTERFACE",
- "HTTP_ACCEPT",
- "HTTP_ACCEPT_CHARSET",
- "HTTP_ACCEPT_ENCODING",
- "HTTP_ACCEPT_LANGUAGE",
- "HTTP_CACHE_CONTROL",
- "HTTP_CONNECTION",
- "HTTP_CONTENT_ENCODING",
- "HTTP_COOKIE",
- "HTTP_DNT",
- "HTTP_HOST",
- "HTTP_KEEP_ALIVE",
- "HTTP_NEGOTIATE",
- "HTTP_PRAGMA",
- "HTTP_REFERER",
- "HTTP_USER_AGENT",
- "HTTP_VIA",
- "HTTP_X_FORWARDED_FOR",
- "HTTPS",
- "PATH_INFO",
- "PATH_TRANSLATED",
- "QUERY_STRING",
- "REMOTE_ADDR",
- "REMOTE_HOST",
- "REMOTE_USER",
- "REMOTE_IDENT",
- "REQUEST_METHOD",
- "REQUEST_URI",
- "SCRIPT_FILENAME",
- "SCRIPT_NAME",
- "SCRIPT_URI",
- "SCRIPT_URL",
- "SERVER_ADDR",
- "SERVER_ADMIN",
- "SERVER_NAME",
- "SERVER_PORT",
- "SERVER_PROTOCOL",
- "SERVER_SIGNATURE",
- "SERVER_SOFTWARE",
- 0
-};
-const int nenvok= sizeof(envok)/sizeof(envok[0]);
-
int debugmode= 0;
static void outerror(void) {
int debugmode= 0;
static void outerror(void) {
+static const char *const envok[]= {
+ "AUTH_TYPE",
+ "CONTENT_LENGTH",
+ "CONTENT_TYPE",
+ "DOCUMENT_ROOT",
+ "GATEWAY_INTERFACE",
+ "HTTP_ACCEPT",
+ "HTTP_ACCEPT_CHARSET",
+ "HTTP_ACCEPT_ENCODING",
+ "HTTP_ACCEPT_LANGUAGE",
+ "HTTP_CACHE_CONTROL",
+ "HTTP_CONNECTION",
+ "HTTP_CONTENT_ENCODING",
+ "HTTP_COOKIE",
+ "HTTP_DNT",
+ "HTTP_HOST",
+ "HTTP_KEEP_ALIVE",
+ "HTTP_NEGOTIATE",
+ "HTTP_PRAGMA",
+ "HTTP_REFERER",
+ "HTTP_USER_AGENT",
+ "HTTP_VIA",
+ "HTTP_X_FORWARDED_FOR",
+ "HTTPS",
+ "PATH_INFO",
+ "PATH_TRANSLATED",
+ "QUERY_STRING",
+ "REMOTE_ADDR",
+ "REMOTE_HOST",
+ "REMOTE_USER",
+ "REMOTE_IDENT",
+ "REQUEST_METHOD",
+ "REQUEST_URI",
+ "SCRIPT_FILENAME",
+ "SCRIPT_NAME",
+ "SCRIPT_URI",
+ "SCRIPT_URL",
+ "SERVER_ADDR",
+ "SERVER_ADMIN",
+ "SERVER_NAME",
+ "SERVER_PORT",
+ "SERVER_PROTOCOL",
+ "SERVER_SIGNATURE",
+ "SERVER_SOFTWARE",
+ 0
+};
+
static void setenvar(const char *fulln,
const char *en, const char *ep, void *p) {
xsetenv(en, ep, 1);
static void setenvar(const char *fulln,
const char *en, const char *ep, void *p) {
xsetenv(en, ep, 1);