[apache2] 02/04: Fix argument escaping in apachectl

Stefan Fritsch sf at moszumanska.debian.org
Sat Sep 23 22:18:51 UTC 2017 

This is an automated email from the git hooks/post-receive script.

sf pushed a commit to branch master
in repository apache2.

commit 4e81a04d389fa4d877ca4c56870c0822dacea40f
Author: Stefan Fritsch <sf at sfritsch.de>
Date:   Sun Sep 24 00:07:48 2017 +0200

    Fix argument escaping in apachectl
---
 debian/apache2ctl | 10 +++++-----
 debian/changelog  |  1 +
 2 files changed, 6 insertions(+), 5 deletions(-)

diff --git a/debian/apache2ctl b/debian/apache2ctl
index f31263b..404b9f9 100755
--- a/debian/apache2ctl
+++ b/debian/apache2ctl
@@ -147,7 +147,7 @@ mkdir_chown () {
 [ ! -d ${APACHE_RUN_DIR:-/var/run/apache2} ] && mkdir -p ${APACHE_RUN_DIR:-/var/run/apache2}
 [ ! -d ${APACHE_LOCK_DIR:-/var/lock/apache2} ] && mkdir_chown ${APACHE_RUN_USER:-www-data} ${APACHE_LOCK_DIR:-/var/lock/apache2}
 
-case $ARGV in
+case "$ARGV" in
 start)
     # ssl_scache shouldn't be here if we're just starting up.
     # (this is bad if there are several apache2 instances running)
@@ -171,18 +171,18 @@ start)
         systemctl start "$APACHE_SYSTEMD_SERVICE"
     else
         unset APACHE_STARTED_BY_SYSTEMD
-        $HTTPD ${APACHE_ARGUMENTS} -k $ARGV
+        $HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"
     fi
 
     ERROR=$?
     ;;
 stop|graceful-stop)
-    $HTTPD ${APACHE_ARGUMENTS} -k $ARGV
+    $HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"
     ERROR=$?
     ;;
 restart|graceful)
     if $HTTPD ${APACHE_ARGUMENTS} -t 2> /dev/null ; then
-        $HTTPD ${APACHE_ARGUMENTS} -k $ARGV
+        $HTTPD ${APACHE_ARGUMENTS} -k "$ARGV"
     else
         $HTTPD ${APACHE_ARGUMENTS} -t
     fi
@@ -205,7 +205,7 @@ fullstatus)
     get_status
     ;;
 *)
-    $HTTPD ${APACHE_ARGUMENTS} $ARGV
+    $HTTPD ${APACHE_ARGUMENTS} "$@"
     ERROR=$?
 esac
 
diff --git a/debian/changelog b/debian/changelog
index 776fb43..9c4de6c 100644
--- a/debian/changelog
+++ b/debian/changelog
@@ -3,6 +3,7 @@ apache2 (2.4.27-6) UNRELEASED; urgency=medium
   * CVE-2017-9798: Don't allow new methods to be registered in .htaccess files
     which could result in HTTP OPTIONS method leaking Apache's server memory.
     Closes: #876109
+  * Fix argument escaping in apachectl. Closes: #876384
 
  -- Stefan Fritsch <sf at debian.org>  Sat, 23 Sep 2017 23:59:18 +0200
 

-- 
Alioth's /usr/local/bin/git-commit-notice on /srv/git.debian.org/git/pkg-apache/apache2.git

More information about the Pkg-apache-commits mailing list