Using setenv instead of putenv on SetEnv action

2025-08-13 13:26:01 +03:00 · 2020-12-09 18:39:24 -03:00 · 2020-12-09 18:39:24 -03:00 · f1f2527c03
commit f1f2527c03
parent 03b3e472d4
3 changed files with 40 additions and 7 deletions
--- a/2
+++ b/2
@ -1,6 +1,8 @@
 v3.x.y - YYYY-MMM-DD (to be released)
 -------------------------------------

+  - Replaces put with setenv in SetEnv action
+    [Issue #2469 - @martinhsv, @WGH-, @zimmerle]
  - Regression: Mark the test as failed in case of segfault.
    [@zimmerle]
  - Regex key selection should not be case-sensitive
--- a/src/actions/set_env.cc
+++ b/src/actions/set_env.cc
@ -34,10 +34,10 @@ bool SetENV::init(std::string *error) {
 bool SetENV::evaluate(RuleWithActions *rule, Transaction *t) {
    std::string colNameExpanded(m_string->evaluate(t));

+    auto pair = utils::string::ssplit_pair(colNameExpanded, '=');
    ms_dbg_a(t, 8, "Setting envoriment variable: "
-        + colNameExpanded + ".");
-
-    putenv(strdup(colNameExpanded.c_str()));
+        + pair.first + " to " + pair.second);
+    setenv(pair.first.c_str(), pair.second.c_str(), /*overwrite*/ 1);

    return true;
 }
--- a/test/test-cases/regression/action-setenv.json
+++ b/test/test-cases/regression/action-setenv.json
@ -2,9 +2,9 @@
  {
    "enabled":1,
    "version_min":300000,
-    "title":"Testing setsid action (1/2)",
+    "title":"Testing setsid action (1/3)",
    "expected":{
-      "debug_log": "Setting envoriment variable: variable=PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
+      "debug_log": "Setting envoriment variable: variable to PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
    },
    "client":{
      "ip":"200.249.12.31",
@ -33,9 +33,9 @@
  {
    "enabled":1,
    "version_min":300000,
-    "title":"Testing setenv action (2/2)",
+    "title":"Testing setenv action (2/3)",
    "expected":{
-      "debug_log": "Setting envoriment variable: variable=PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
+      "debug_log": "Setting envoriment variable: variable to PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
    },
    "client":{
      "ip":"200.249.12.31",
@ -60,5 +60,36 @@
      "SecRuleEngine On",
      "SecRule REQUEST_HEADERS:Cookie \"^(.*)$\" \"id:'900018',phase:2,setenv:variable=%{matched_var},pass\""
    ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing setenv action (3/3)",
+    "expected":{
+      "debug_log": "Setting envoriment variable: variable to PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120==test=test"
+    },
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "User-Agent":"My sweet little browser",
+        "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
+      },
+      "uri":"/?key=value&key=other_value",
+      "method":"GET"
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS:Cookie \"^(.*)$\" \"id:'900018',phase:2,setenv:variable=%{matched_var}==test=test,pass\""
+    ]
  }
 ]