[Bug 64365] New: ProxyFCGISetEnvIf does not evaluate condition when unsetting variables.

classic Classic list List threaded Threaded
5 messages Options
Reply | Threaded
Open this post in threaded view
|

[Bug 64365] New: ProxyFCGISetEnvIf does not evaluate condition when unsetting variables.

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64365

            Bug ID: 64365
           Summary: ProxyFCGISetEnvIf does not evaluate condition when
                    unsetting variables.
           Product: Apache httpd-2
           Version: 2.4.43
          Hardware: PC
                OS: Linux
            Status: NEW
          Severity: normal
          Priority: P2
         Component: mod_proxy_fcgi
          Assignee: [hidden email]
          Reporter: [hidden email]
  Target Milestone: ---

Created attachment 37183
  --> https://bz.apache.org/bugzilla/attachment.cgi?id=37183&action=edit
A patch that appears to fix the problem for me

Context
=======
The ProxyFCGISetEnvIf directive allows overriding variables sent to FastCGI
servers. It comes in two forms:
* Setting   variables, taking 3 arguments: ProxyFCGISetEnvIf <condition>
<varname> <value>
* Unsetting variables, taking 2 arguments: ProxyFCGISetEnvIf <condition>
!<varname>

The Bug
=======
When using the directive's second form, the variable is always unset, ignoring
the condition.

Steps to Reproduce
==================
1. Try unsetting a FastCGI variable conditionally, or (for purpose of
demonstration) even with a condition of "false".
    Examples:
        ProxyFCGISetEnvIf "false" !SERVER_SOFTWARE
        ProxyFCGISetEnvIf "%{QUERY_STRING} =~ /hello/" !SERVER_SOFTWARE
        ProxyFCGISetEnvIf "-z reqenv('cloudflare')" !HTTP_CF_CONNECTING_IP
2. Observe the specified variables being unset even if the condition evaluates
to false.
    Example PHP script:
        <?php var_dump($_SERVER['SERVER_SOFTWARE']);
    Example output:
        NULL
    Expected output:
        string(6) "Apache"
Note that the example directive conditions above work as expected when used
with setting instead of unsetting variables.

Proposed Solution
=================
I looked into the code (functions "cmd_setenv" and "fix_cgivars" in
"modules/proxy/mod_proxy_fcgi.c") and it appears the condition is correctly
parsed but during request handling unsetting takes precedence over even
evaluating the condition, see line 178.

I created a small patch (see attachment) which appears to fix the problem for
me, but it would be good if someone familiar with the code took a look.

As far as I can tell, both the problem and my patch apply to all versions of
httpd since the ProxyFCGISetEnvIf directive was introduced in version 2.4.26,
including the current development version.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64365] ProxyFCGISetEnvIf does not evaluate condition when unsetting variables.

Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64365

--- Comment #1 from Millay Moede <[hidden email]> ---
Apache ia mainly using as the local server for testing the website. but
sometimes it gives error then you can restart the apache sever. For instant
support related to the email please visit https://www.emailexpert247.com/ or
dial Email Support Number for the best solution.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64365] ProxyFCGISetEnvIf does not evaluate condition when unsetting variables.

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64365

Eric Covener <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |PatchAvailable

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64365] ProxyFCGISetEnvIf does not evaluate condition when unsetting variables.

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64365

Eric Covener <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
           Keywords|                            |FixedInTrunk

--- Comment #2 from Eric Covener <[hidden email]> ---
Thanks for the report and patch Michael, I committed with some additions in
r1877829 and will propose for backport.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]

Reply | Threaded
Open this post in threaded view
|

[Bug 64365] ProxyFCGISetEnvIf does not evaluate condition when unsetting variables.

Bugzilla from bugzilla@apache.org
In reply to this post by Bugzilla from bugzilla@apache.org
https://bz.apache.org/bugzilla/show_bug.cgi?id=64365

Graham Leggett <[hidden email]> changed:

           What    |Removed                     |Added
----------------------------------------------------------------------------
         Resolution|---                         |FIXED
             Status|NEW                         |RESOLVED

--- Comment #3 from Graham Leggett <[hidden email]> ---
Backported to v2.4.44.

--
You are receiving this mail because:
You are the assignee for the bug.
---------------------------------------------------------------------
To unsubscribe, e-mail: [hidden email]
For additional commands, e-mail: [hidden email]