From: Ian Jackson
Date: Sun, 27 Jan 2013 15:26:39 +0000 (+0000)
Subject: www-cgi: whitelist some more HTTP headers
X-Git-Tag: userv/0.6.1~73
X-Git-Url: http://www.chiark.greenend.org.uk/ucgi/~ian/git?p=userv-utils.git;a=commitdiff_plain;h=957b3b211b3ec0b0ebf0e010129e2e0788521890

www-cgi: whitelist some more HTTP headers
---
diff --git a/debian/changelog b/debian/changelog
index 16b4566..6f9b1e0 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -1,5 +1,6 @@
 userv-utils (0.5.0) unstable; urgency=low
+ * www-cgi: whitelist some more HTTP headers.
 * ipif: Improve documentation comment.
 * ipif: Some portability improvements.
 * Remove .cvsignore files.
diff --git a/www-cgi/ucgicommon.c b/www-cgi/ucgicommon.c
index 7111170..4a8749a 100644
--- a/www-cgi/ucgicommon.c
+++ b/www-cgi/ucgicommon.c
@@ -25,20 +25,29 @@
 #include "ucgi.h"
 const char *const envok[]= {
+ "AUTH_TYPE",
 "CONTENT_LENGTH",
 "CONTENT_TYPE",
 "DOCUMENT_ROOT",
 "GATEWAY_INTERFACE",
 "HTTP_ACCEPT",
+ "HTTP_ACCEPT_CHARSET",
 "HTTP_ACCEPT_ENCODING",
 "HTTP_ACCEPT_LANGUAGE",
 "HTTP_CACHE_CONTROL",
+ "HTTP_CONNECTION",
+ "HTTP_CONTENT_ENCODING",
 "HTTP_COOKIE",
+ "HTTP_DNT",
 "HTTP_HOST",
+ "HTTP_KEEP_ALIVE",
 "HTTP_NEGOTIATE",
 "HTTP_PRAGMA",
 "HTTP_REFERER",
 "HTTP_USER_AGENT",
+ "HTTP_VIA",
+ "HTTP_X_FORWARDED_FOR",
+ "HTTPS",
 "PATH_INFO",
 "PATH_TRANSLATED",
 "QUERY_STRING",
@@ -47,14 +56,17 @@ const char *const envok[]= {
 "REMOTE_USER",
 "REMOTE_IDENT",
 "REQUEST_METHOD",
+ "REQUEST_URI",
 "SCRIPT_FILENAME",
 "SCRIPT_NAME",
 "SCRIPT_URI",
 "SCRIPT_URL",
+ "SERVER_ADDR",
 "SERVER_ADMIN",
 "SERVER_NAME",
 "SERVER_PORT",
 "SERVER_PROTOCOL",
+ "SERVER_SIGNATURE",
 "SERVER_SOFTWARE",
 0
 };
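Review bot: The new entries `"HTTP_X_FORWARDED_FOR"` and `"HTTP_VIA"` in `envok[]` carry no comment saying that they are request headers set by the client or by any proxy on the path, so a script receiving them may mistake them for the authenticated peer address. Presumably every name in this list is copied into the environment of the user's CGI program; if so, a comment above these two entries would help, for example `/* client-supplied and unauthenticated: do not use for access decisions, use REMOTE_ADDR */`. The same applies to `"REQUEST_URI"` in the second hunk, which is the raw request target rather than a normalised path like `SCRIPT_NAME` or `PATH_INFO`. The array starts in this hunk and ends in the second one, and the code that consumes it is outside the diff.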