chiark / gitweb /
www-cgi/: Decentralize the whitelist of environment variables.
authorMark Wooding <mdw@distorted.org.uk>
Wed, 30 Jan 2013 00:23:08 +0000 (00:23 +0000)
committerMark Wooding <mdw@distorted.org.uk>
Sat, 2 Feb 2013 13:31:03 +0000 (13:31 +0000)
There's no great need for `ucgi' to have a fierce whitelist of
environment variables to be passed to the service.  We'll assume that
the webserver hasn't put any critical secrets in its environment with
unfortunate names; and the service shouldn't put any trust in the
caller's filtering anyway.  If the webserver end takes a more relaxed
approach, we can leave questions of policy regarding environment
filtering largely up to the service -- which is the bit that users
actually have some control over.

To this end, therefore, move the main whitelist to `ucgitarget.c', and
put small list, containing some wildcard patterns, in `ucgi.c'.

www-cgi/ucgi.c
www-cgi/ucgi.h
www-cgi/ucgicommon.c
www-cgi/ucgitarget.c

index c4c072d..006f8ae 100644 (file)
 
 #include "ucgi.h"
 
+static const char *const envok[] = {
+  "AUTH_TYPE",
+  "CONTENT_TYPE",
+  "CONTENT_LENGTH",
+  "DOCUMENT_ROOT",
+  "GATEWAY_INTERFACE",
+  "HTTP_*",
+  "HTTPS",
+  "PATH_INFO",
+  "PATH_TRANSLATED",
+  "QUERY_STRING",
+  "REMOTE_*",
+  "REQUEST_METHOD",
+  "REQUEST_URI",
+  "SCRIPT_*",
+  "SERVER_*",
+  0
+};
+
 struct buildargs {
   const char **v;
   int n, max;
index 1d00b1b..9d69ed9 100644 (file)
@@ -49,8 +49,6 @@ void filter_environment(unsigned flags, const char *prefix_in,
                        void *p);
 #define FILTF_WILDCARD 1u
 
-extern const char *const envok[];
-extern const int nenvok;
 extern int debugmode;
 
 #endif
index 0facfbb..168641b 100644 (file)
 
 #include "ucgi.h"
 
-const char *const envok[]= {
-  "AUTH_TYPE",
-  "CONTENT_LENGTH",
-  "CONTENT_TYPE",
-  "DOCUMENT_ROOT",
-  "GATEWAY_INTERFACE",
-  "HTTP_ACCEPT",
-  "HTTP_ACCEPT_CHARSET",
-  "HTTP_ACCEPT_ENCODING",
-  "HTTP_ACCEPT_LANGUAGE",
-  "HTTP_CACHE_CONTROL",
-  "HTTP_CONNECTION",
-  "HTTP_CONTENT_ENCODING",
-  "HTTP_COOKIE",
-  "HTTP_DNT",
-  "HTTP_HOST",
-  "HTTP_KEEP_ALIVE",
-  "HTTP_NEGOTIATE",
-  "HTTP_PRAGMA",
-  "HTTP_REFERER",
-  "HTTP_USER_AGENT",
-  "HTTP_VIA",
-  "HTTP_X_FORWARDED_FOR",
-  "HTTPS",
-  "PATH_INFO",
-  "PATH_TRANSLATED",
-  "QUERY_STRING",
-  "REMOTE_ADDR",
-  "REMOTE_HOST",
-  "REMOTE_USER",
-  "REMOTE_IDENT",
-  "REQUEST_METHOD",
-  "REQUEST_URI",
-  "SCRIPT_FILENAME",
-  "SCRIPT_NAME",
-  "SCRIPT_URI",
-  "SCRIPT_URL",
-  "SERVER_ADDR",
-  "SERVER_ADMIN",
-  "SERVER_NAME",
-  "SERVER_PORT",
-  "SERVER_PROTOCOL",
-  "SERVER_SIGNATURE",
-  "SERVER_SOFTWARE",
-  0
-};
-const int nenvok= sizeof(envok)/sizeof(envok[0]);
-
 int debugmode= 0;
 
 static void outerror(void) {
index a4b5690..9780e36 100644 (file)
 
 #include "ucgi.h"
 
+static const char *const envok[]= {
+  "AUTH_TYPE",
+  "CONTENT_LENGTH",
+  "CONTENT_TYPE",
+  "DOCUMENT_ROOT",
+  "GATEWAY_INTERFACE",
+  "HTTP_ACCEPT",
+  "HTTP_ACCEPT_CHARSET",
+  "HTTP_ACCEPT_ENCODING",
+  "HTTP_ACCEPT_LANGUAGE",
+  "HTTP_CACHE_CONTROL",
+  "HTTP_CONNECTION",
+  "HTTP_CONTENT_ENCODING",
+  "HTTP_COOKIE",
+  "HTTP_DNT",
+  "HTTP_HOST",
+  "HTTP_KEEP_ALIVE",
+  "HTTP_NEGOTIATE",
+  "HTTP_PRAGMA",
+  "HTTP_REFERER",
+  "HTTP_USER_AGENT",
+  "HTTP_VIA",
+  "HTTP_X_FORWARDED_FOR",
+  "HTTPS",
+  "PATH_INFO",
+  "PATH_TRANSLATED",
+  "QUERY_STRING",
+  "REMOTE_ADDR",
+  "REMOTE_HOST",
+  "REMOTE_USER",
+  "REMOTE_IDENT",
+  "REQUEST_METHOD",
+  "REQUEST_URI",
+  "SCRIPT_FILENAME",
+  "SCRIPT_NAME",
+  "SCRIPT_URI",
+  "SCRIPT_URL",
+  "SERVER_ADDR",
+  "SERVER_ADMIN",
+  "SERVER_NAME",
+  "SERVER_PORT",
+  "SERVER_PROTOCOL",
+  "SERVER_SIGNATURE",
+  "SERVER_SOFTWARE",
+  0
+};
+
 static void setenvar(const char *fulln,
                     const char *en, const char *ep, void *p) {
   xsetenv(en, ep, 1);