Documentation Source Text

Check-in [389e06d34a]

Overview
Comment: Detect and disable a "bashdoor" attack against althttpd.c.
SHA1: 389e06d34a4887fa2ccd6630ca7a400d80a5f36b
User & Date: drh 2014-10-06 00:35:12
Context
2014-10-06
03:07 In althttpd.c: Fix a bug such that HTTPS requests are correctly logged as such. If the "--https 1" command-line option is used, then try to read the remote IP address from the REMOTE_HOST environment variable, under the assumption that althttpd is being called from stunnel. check-in: c34e8da80a user: drh tags: trunk
00:35 Detect and disable a "bashdoor" attack against althttpd.c. check-in: 389e06d34a user: drh tags: trunk
2014-10-05
23:01 Improved documentation comments on the althttpd.c server program. check-in: d217041b2b user: drh tags: trunk
Changes

Changes to misc/althttpd.c.

368
369
370
371
372
373
374


375
376
377
378
379
380
381
/*
** Set the value of environment variable zVar to zValue.
*/
static void SetEnv(const char *zVar, const char *zValue){
  char *z;
  int len;
  if( zValue==0 ) zValue="";


  len = strlen(zVar) + strlen(zValue) + 2;
  z = SafeMalloc(len);
  sprintf(z,"%s=%s",zVar,zValue);
  putenv(z);
}

/*







>
>







368
369
370
371
372
373
374
375
376
377
378
379
380
381
382
383
/*
** Set the value of environment variable zVar to zValue.
*/
static void SetEnv(const char *zVar, const char *zValue){
  char *z;
  int len;
  if( zValue==0 ) zValue="";
  /* Disable an attempted bashdoor attack */
  if( strncmp(zValue,"() {",4)==0 ) zValue = "";
  len = strlen(zVar) + strlen(zValue) + 2;
  z = SafeMalloc(len);
  sprintf(z,"%s=%s",zVar,zValue);
  putenv(z);
}

/*
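Review bot: the added check in SetEnv(), `if( strncmp(zValue,"() {",4)==0 ) zValue = "";`, blanks the value silently, so SetEnv() still calls putenv() with an empty variable and nothing in this function records that a value was rejected. Consider logging the variable name when the check fires, or failing the request at that point, so the attempt is visible to whoever reads the server log. The comment "Disable an attempted bashdoor attack" would also be more useful to a later maintainer if it said why the exact four-byte prefix "() {" at the start of the value is the thing being matched, and that the test applies to every variable passed through SetEnv(), not to one particular header.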