author | Glenn Strauss <gstrauss@gluelogic.com> | 2017-03-05 15:39:45 -0500 |
---|---|---|
committer | Glenn Strauss <gstrauss@gluelogic.com> | 2017-03-08 11:42:59 -0500 |
commit | bd77abe0f81f196006dbd46d7be61e7cc36911be (patch) | |
tree | 8f3b4ca98ee0a1a5d5a17aea96bdfe536bd8839c /src/mod_setenv.c | |
parent | 970f337c29e74b3e5f076cee105abc9739a9bd72 (diff) | |
[config] more specific checks for array lists
More specific checks on contents of array lists. Each module using
lists now does better checking on the types of values in the list
(strings, integers, arrays/lists)
This helps prevent misconfiguration of things like cgi.assign,
fastcgi.server, and scgi.server, where source code might be
served as static files if parentheses are misplaced.
x-ref:
https://redmine.lighttpd.net/boards/2/topics/6571
Diffstat (limited to 'src/mod_setenv.c')
-rw-r--r-- | src/mod_setenv.c | 12 |
1 files changed, 12 insertions, 0 deletions
diff --git a/src/mod_setenv.c b/src/mod_setenv.c
index 52ea5317..ec5e6dbb 100644
--- a/src/mod_setenv.c
+++ b/src/mod_setenv.c
@@ -135,6 +135,18 @@ SETDEFAULTS_FUNC(mod_setenv_set_defaults) {
 if (0 != config_insert_values_global(srv, config->value, cv, i == 0 ? T_CONFIG_SCOPE_SERVER : T_CONFIG_SCOPE_CONNECTION)) {
 return HANDLER_ERROR;
 }
+
+ if ( !array_is_kvstring(s->request_header)
+ || !array_is_kvstring(s->response_header)
+ || !array_is_kvstring(s->environment)
+ || !array_is_kvstring(s->set_request_header)
+ || !array_is_kvstring(s->set_response_header)
+ || !array_is_kvstring(s->set_environment)) {
+ log_error_write(srv, __FILE__, __LINE__, "s",
+ "unexpected value for setenv.xxxxxx; expected list of \"envvar\" => \"value\"");
+ return HANDLER_ERROR;
+ }
+
 }
 
 return HANDLER_GO_ON; |
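Review bot: The message logged when any of the six `array_is_kvstring()` checks fails names only `setenv.xxxxxx`, so the administrator cannot tell which directive or which conditional block holds the malformed list. Since the commit exists to catch misconfiguration early, each list should be tested on its own and the failing key named, for example `if (!array_is_kvstring(s->set_response_header)) { log_error_write(srv, __FILE__, __LINE__, "s", "unexpected value for setenv.set-response-header; expected list of \"name\" => \"value\""); return HANDLER_ERROR; }`. The key strings should be taken from the `cv[]` table, which is declared outside this hunk, rather than retyped. The wording `"envvar" => "value"` is also misleading for the four header lists. The body of `mod_setenv_set_defaults` starts and ends outside the hunk, so whether every array is allocated before this check cannot be confirmed from here.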