diff options
| author | Glenn Strauss <gstrauss@gluelogic.com> | 2022-03-09 17:18:44 -0500 |
|---|---|---|
| committer | Glenn Strauss <gstrauss@gluelogic.com> | 2022-03-09 19:51:42 -0500 |
| commit | bd67d9f4acfbb4f8bd373006f77102126df8eeba (patch) | |
| tree | 51e3a14398cba32a867c4626a8f04ec852dbe00c | |
| parent | e447de1b66bde910a013f26dad52777f877feed7 (diff) | |
| download | lighttpd-git-bd67d9f4acfbb4f8bd373006f77102126df8eeba.tar.gz | |
[core] permit env w/ blank value (fix regression)
(thx Lars Bingchong)
empty env var must be set to blank string and not left unset
(regression in lighttpd 1.4.56 - lighttpd 1.4.64)
x-ref:
https://stackoverflow.com/a/52913064/1338888
| -rw-r--r-- | src/http_header.c | 1 | ||||
| -rwxr-xr-x | tests/docroot/cgi.pl | 3 | ||||
| -rw-r--r-- | tests/lighttpd.conf | 1 | ||||
| -rwxr-xr-x | tests/request.t | 20 |
4 files changed, 22 insertions, 3 deletions
diff --git a/src/http_header.c b/src/http_header.c index 6cd2a420..d2ae6929 100644 --- a/src/http_header.c +++ b/src/http_header.c @@ -353,7 +353,6 @@ void http_header_env_set(request_st * const r, const char *k, uint32_t klen, con void http_header_env_append(request_st * const r, const char *k, uint32_t klen, const char *v, uint32_t vlen) { /*if (0 == vlen) return;*//* skip check; permit env var w/ blank value */ buffer * const vb = array_get_buf_ptr(&r->env, k, klen); - if (0 == vlen) return; http_header_token_append(vb, v, vlen); } diff --git a/tests/docroot/cgi.pl b/tests/docroot/cgi.pl index 97e00d31..cb72f45a 100755 --- a/tests/docroot/cgi.pl +++ b/tests/docroot/cgi.pl @@ -2,7 +2,8 @@ # env if ($ENV{"QUERY_STRING"} =~ /^env=(\w+)/) { - print "Status: 200\r\n\r\n$ENV{$1}"; + my $v = defined($ENV{$1}) ? $ENV{$1} : "[$1 not found]"; + print "Status: 200\r\n\r\n$v"; exit 0; } diff --git a/tests/lighttpd.conf b/tests/lighttpd.conf index f8a064ca..6ad9d65c 100644 --- a/tests/lighttpd.conf +++ b/tests/lighttpd.conf @@ -63,6 +63,7 @@ setenv.add-environment = ( ) setenv.set-environment = ( "NEWENV" => "newenv", + "BLANK_VALUE" => "", ) setenv.add-request-header = ( "FOO" => "foo", diff --git a/tests/request.t b/tests/request.t index 5c27c48b..68829d5b 100755 --- a/tests/request.t +++ b/tests/request.t @@ -8,7 +8,7 @@ BEGIN { use strict; use IO::Socket; -use Test::More tests => 176; +use Test::More tests => 178; use LightyTest; my $tf = LightyTest->new(); @@ -1399,6 +1399,24 @@ EOF $t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.1', 'HTTP-Status' => 200, '+Content-Length' => '' } ]; ok($tf->handle_http($t) == 0, 'cgi-env: HTTP_HOST'); +$t->{REQUEST} = ( <<EOF +GET /cgi.pl?env=ABSENT HTTP/1.1 +Host: www.example.org +Connection: close +EOF + ); +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.1', 'HTTP-Status' => 200, 'HTTP-Content' => '[ABSENT not found]' } ]; +ok($tf->handle_http($t) == 0, 'cgi-env: ABSENT'); + +$t->{REQUEST} = ( <<EOF +GET /cgi.pl?env=BLANK_VALUE HTTP/1.1 +Host: www.example.org +Connection: close +EOF + ); +$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.1', 'HTTP-Status' => 200, 'HTTP-Content' => '' } ]; +ok($tf->handle_http($t) == 0, 'cgi-env: BLANK_VALUE'); + # broken header crash $t->{REQUEST} = ( <<EOF GET /cgi.pl?crlfcrash HTTP/1.0 |