Using setenv instead of putenv on SetEnv action

Author: zimmerle

CHANGES

@@ -1,6 +1,8 @@
 v3.x.y - YYYY-MMM-DD (to be released)
 -------------------------------------
 
+  - Replaces put with setenv in SetEnv action
+    [Issue #2469 - @martinhsv, @WGH-, @zimmerle]
   - Regression: Mark the test as failed in case of segfault.
     [@zimmerle]
   - Regex key selection should not be case-sensitive

src/actions/set_env.cc

@@ -34,10 +34,10 @@ bool SetENV::init(std::string *error) {
 bool SetENV::evaluate(RuleWithActions *rule, Transaction *t) {
     std::string colNameExpanded(m_string->evaluate(t));
 
+    auto pair = utils::string::ssplit_pair(colNameExpanded, '=');
     ms_dbg_a(t, 8, "Setting envoriment variable: "
-        + colNameExpanded + ".");
-
-    putenv(strdup(colNameExpanded.c_str()));
+        + pair.first + " to " + pair.second);
+    setenv(pair.first.c_str(), pair.second.c_str(), /*overwrite*/ 1);
 
     return true;
 }

test/test-cases/regression/action-setenv.json

@@ -2,9 +2,9 @@
   {
     "enabled":1,
     "version_min":300000,
-    "title":"Testing setsid action (1/2)",
+    "title":"Testing setsid action (1/3)",
     "expected":{
-      "debug_log": "Setting envoriment variable: variable=PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
+      "debug_log": "Setting envoriment variable: variable to PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
     },
     "client":{
       "ip":"200.249.12.31",
@@ -33,9 +33,9 @@
   {
     "enabled":1,
     "version_min":300000,
-    "title":"Testing setenv action (2/2)",
+    "title":"Testing setenv action (2/3)",
     "expected":{
-      "debug_log": "Setting envoriment variable: variable=PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
+      "debug_log": "Setting envoriment variable: variable to PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
     },
     "client":{
       "ip":"200.249.12.31",
@@ -60,5 +60,36 @@
       "SecRuleEngine On",
       "SecRule REQUEST_HEADERS:Cookie \"^(.*)$\" \"id:'900018',phase:2,setenv:variable=%{matched_var},pass\""
     ]
+  },
+  {
+    "enabled":1,
+    "version_min":300000,
+    "title":"Testing setenv action (3/3)",
+    "expected":{
+      "debug_log": "Setting envoriment variable: variable to PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120==test=test"
+    },
+    "client":{
+      "ip":"200.249.12.31",
+      "port":123
+    },
+    "request":{
+      "headers":{
+        "Host":"localhost",
+        "User-Agent":"curl/7.38.0",
+        "Accept":"*/*",
+        "User-Agent":"My sweet little browser",
+        "Cookie": "PHPSESSID=rAAAAAAA2t5uvjq435r4q7ib3vtdjq120"
+      },
+      "uri":"/?key=value&key=other_value",
+      "method":"GET"
+    },
+    "server":{
+      "ip":"200.249.12.31",
+      "port":80
+    },
+    "rules":[
+      "SecRuleEngine On",
+      "SecRule REQUEST_HEADERS:Cookie \"^(.*)$\" \"id:'900018',phase:2,setenv:variable=%{matched_var}==test=test,pass\""
+    ]
   }
 ]