[core] permit env w/ blank value (fix regression)

(thx Lars Bingchong)

empty env var must be set to blank string and not left unset
(regression in lighttpd 1.4.56 - lighttpd 1.4.64)

x-ref:
  https://stackoverflow.com/a/52913064/1338888
personal/stbuehler/tests-path
Glenn Strauss 2022-03-09 17:18:44 -05:00
parent e447de1b66
commit bd67d9f4ac
4 changed files with 22 additions and 3 deletions

View File

@ -353,7 +353,6 @@ void http_header_env_set(request_st * const r, const char *k, uint32_t klen, con
void http_header_env_append(request_st * const r, const char *k, uint32_t klen, const char *v, uint32_t vlen) {
/*if (0 == vlen) return;*//* skip check; permit env var w/ blank value */
buffer * const vb = array_get_buf_ptr(&r->env, k, klen);
if (0 == vlen) return;
http_header_token_append(vb, v, vlen);
}

View File

@ -2,7 +2,8 @@
# env
if ($ENV{"QUERY_STRING"} =~ /^env=(\w+)/) {
print "Status: 200\r\n\r\n$ENV{$1}";
my $v = defined($ENV{$1}) ? $ENV{$1} : "[$1 not found]";
print "Status: 200\r\n\r\n$v";
exit 0;
}

View File

@ -63,6 +63,7 @@ setenv.add-environment = (
)
setenv.set-environment = (
"NEWENV" => "newenv",
"BLANK_VALUE" => "",
)
setenv.add-request-header = (
"FOO" => "foo",

View File

@ -8,7 +8,7 @@ BEGIN {
use strict;
use IO::Socket;
use Test::More tests => 176;
use Test::More tests => 178;
use LightyTest;
my $tf = LightyTest->new();
@ -1399,6 +1399,24 @@ EOF
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.1', 'HTTP-Status' => 200, '+Content-Length' => '' } ];
ok($tf->handle_http($t) == 0, 'cgi-env: HTTP_HOST');
$t->{REQUEST} = ( <<EOF
GET /cgi.pl?env=ABSENT HTTP/1.1
Host: www.example.org
Connection: close
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.1', 'HTTP-Status' => 200, 'HTTP-Content' => '[ABSENT not found]' } ];
ok($tf->handle_http($t) == 0, 'cgi-env: ABSENT');
$t->{REQUEST} = ( <<EOF
GET /cgi.pl?env=BLANK_VALUE HTTP/1.1
Host: www.example.org
Connection: close
EOF
);
$t->{RESPONSE} = [ { 'HTTP-Protocol' => 'HTTP/1.1', 'HTTP-Status' => 200, 'HTTP-Content' => '' } ];
ok($tf->handle_http($t) == 0, 'cgi-env: BLANK_VALUE');
# broken header crash
$t->{REQUEST} = ( <<EOF
GET /cgi.pl?crlfcrash HTTP/1.0