found more backports for dev-lang/php-7.4.33
This commit is contained in:
@@ -0,0 +1,58 @@
|
||||
From c7308ba7cd0533501b40eba255602bb5e085550f Mon Sep 17 00:00:00 2001
|
||||
From: Niels Dossche <7771979+nielsdos@users.noreply.github.com>
|
||||
Date: Tue, 18 Jun 2024 21:28:26 +0200
|
||||
Subject: [PATCH 06/11] Fix GHSA-94p6-54jq-9mwp
|
||||
|
||||
Apache only generates REDIRECT_STATUS, so explicitly check for that
|
||||
if the server name is Apache, don't allow other variable names.
|
||||
Furthermore, redirect.so and Netscape no longer exist, so
|
||||
remove those entries as we can't check their server name anymore.
|
||||
|
||||
We now also check for the configuration override *first* such that it
|
||||
always take precedence. This would allow for a mitigation path if
|
||||
something like this happens in the future.
|
||||
|
||||
(cherry picked from commit 48808d98f4fc2a05193cdcc1aedd6c66816450f1)
|
||||
(cherry picked from commit 8aa748ee0657cdee8d883ba50d04b68bc450f686)
|
||||
Upstream-Status: Backport [48808d98f4fc2a05193cdcc1aedd6c66816450f1, 8aa748ee0657cdee8d883ba50d04b68bc450f686]
|
||||
---
|
||||
sapi/cgi/cgi_main.c | 23 +++++++++++------------
|
||||
1 file changed, 11 insertions(+), 12 deletions(-)
|
||||
|
||||
diff --git a/sapi/cgi/cgi_main.c b/sapi/cgi/cgi_main.c
|
||||
index a2761aafd7b..ebce6302b93 100644
|
||||
--- a/sapi/cgi/cgi_main.c
|
||||
+++ b/sapi/cgi/cgi_main.c
|
||||
@@ -1939,18 +1939,17 @@ int main(int argc, char *argv[])
|
||||
|
||||
/* check force_cgi after startup, so we have proper output */
|
||||
if (cgi && CGIG(force_redirect)) {
|
||||
- /* Apache will generate REDIRECT_STATUS,
|
||||
- * Netscape and redirect.so will generate HTTP_REDIRECT_STATUS.
|
||||
- * redirect.so and installation instructions available from
|
||||
- * http://www.koehntopp.de/php.
|
||||
- * -- kk@netuse.de
|
||||
- */
|
||||
- if (!getenv("REDIRECT_STATUS") &&
|
||||
- !getenv ("HTTP_REDIRECT_STATUS") &&
|
||||
- /* this is to allow a different env var to be configured
|
||||
- * in case some server does something different than above */
|
||||
- (!CGIG(redirect_status_env) || !getenv(CGIG(redirect_status_env)))
|
||||
- ) {
|
||||
+ /* This is to allow a different environment variable to be configured
|
||||
+ * in case the we cannot auto-detect which environment variable to use.
|
||||
+ * Checking this first to allow user overrides in case the environment
|
||||
+ * variable can be set by an untrusted party. */
|
||||
+ const char *redirect_status_env = CGIG(redirect_status_env);
|
||||
+ if (!redirect_status_env) {
|
||||
+ /* Apache will generate REDIRECT_STATUS. */
|
||||
+ redirect_status_env = "REDIRECT_STATUS";
|
||||
+ }
|
||||
+
|
||||
+ if (!getenv(redirect_status_env)) {
|
||||
zend_try {
|
||||
SG(sapi_headers).http_response_code = 400;
|
||||
PUTS("<b>Security Alert!</b> The PHP CGI cannot be accessed directly.\n\n\
|
||||
--
|
||||
2.46.1
|
||||
|
||||
Reference in New Issue
Block a user