From f1f2527c03ebbb3c9685ef2d483015156bddc006 Mon Sep 17 00:00:00 2001
From: Felipe Zimmerle <felipe@zimmerle.org>
Date: Wed, 9 Dec 2020 18:39:24 -0300
Subject: [PATCH] Using setenv instead of putenv on SetEnv action

---
 CHANGES                                       |  2 +
 src/actions/set_env.cc                        |  6 +--
 test/test-cases/regression/action-setenv.json | 39 +++++++++++++++++--
 3 files changed, 40 insertions(+), 7 deletions(-)

diff --git a/CHANGES b/CHANGES
index 9b013e24..17939c23 100644
--- a/CHANGES
+++ b/CHANGES
@@ -1,6 +1,8 @@
 v3.x.y - YYYY-MMM-DD (to be released)
 -------------------------------------
 
+  - Replaces put with setenv in SetEnv action
+    [Issue #2469 - @martinhsv, @WGH-, @zimmerle]
   - Regression: Mark the test as failed in case of segfault.
     [@zimmerle]
   - Regex key selection should not be case-sensitive
diff --git a/src/actions/set_env.cc b/src/actions/set_env.cc
index 9a1eacbd..f3fcc104 100644
--- a/src/actions/set_env.cc
+++ b/src/actions/set_env.cc
@@ -34,10 +34,10 @@ bool SetENV::init(std::string *error) {
 bool SetENV::evaluate(RuleWithActions *rule, Transaction *t) {
     std::string colNameExpanded(m_string->evaluate(t));
 
+    auto pair = utils::string::ssplit_pair(colNameExpanded, '=');
     ms_dbg_a(t, 8, "Setting envoriment variable: "
-        + colNameExpanded + ".");
-
-    putenv(strdup(colNameExpanded.c_str()));
+        + pair.first + " to " + pair.second);
+    setenv(pair.first.c_str(), pair.second.c_str(), /*overwrite*/ 1);
 
     return true;
 }
diff --git a/test/test-cases/regression/action-setenv.json b/test/test-cases/regression/action-setenv.json
index 595b5a60..6cd6985e 100644
--- a/test/test-cases/regression/action-setenv.json
+++ b/test/test-cases/regression/action-setenv.json
@@ -2,9 +2,9 @@
   {
     "enabled":1,
     "version_min":300000,
-    "title":"Testing setsid action (1/2)",
+    "title":"Testing setsid action (1/3)",
     "expected":{
-      "debug_log": "Setting envoriment variable: variable=PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
+      "debug_log": "Setting envoriment variable: variable to PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
     },
     "client":{
       "ip":"200.249.12.31",
@@ -33,9 +33,9 @@
   {
     "enabled":1,
     "version_min":300000,
-    "title":"Testing setenv action (2/2)",
+    "title":"Testing setenv action (2/3)",
     "expected":{
-      "debug_log": "Setting envoriment variable: variable=PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
+      "debug_log": "Setting envoriment variable: variable to PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
     },
     "client":{
       "ip":"200.249.12.31",
@@ -60,5 +60,36 @@
       "SecRuleEngine On",
       "SecRule REQUEST_HEADERS:Cookie \"^(.*)$\" \"id:'900018',phase:2,setenv:variable=%{matched_var},pass\""
     ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing setenv action (3/3)",
+    "expected":{
+      "debug_log": "Setting envoriment variable: variable to PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120==test=test"
+    },
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "User-Agent":"My sweet little browser",
+        "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
+      },
+      "uri":"/?key=value&key=other_value",
+      "method":"GET"
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS:Cookie \"^(.*)$\" \"id:'900018',phase:2,setenv:variable=%{matched_var}==test=test,pass\""
+    ]
   }
 ]