allow to suppress warnings about (individual) X-Forwarded headers

zandbelt · zandbelt · commit a96e0f11530e · 2025-06-25T12:17:03.000+02:00
see #1333; through environment variable OIDC_CHECK_X_FORWARDED_HDR_LOG_DISABLE session.c: avoid gcc 14 warning: '%s' directive argument is null [-Wformat-overflow=] Signed-off-by: Hans Zandbelt <hans.zandbelt@openidc.com>
diff --git a/ChangeLog b/ChangeLog
@@ -1,3 +1,8 @@
+06/25/2025
+- allow to suppress warnings about (individual) X-Forwarded headers; see #1333
+  through environment variable OIDC_CHECK_X_FORWARDED_HDR_LOG_DISABLE, e.g.:
+    SetEnvIfExpr true OIDC_CHECK_X_FORWARDED_HDR_LOG_DISABLE=X-Forwarded-Proto
+
 06/23/2025
 - release 2.4.17.1
 
diff --git a/src/cfg/cfg.c b/src/cfg/cfg.c
@@ -195,8 +195,8 @@ const char *oidc_cmd_session_type_set(cmd_parms *cmd, void *ptr, const char *arg
 		} else if (_oidc_strcmp(p, OIDC_SESSION_TYPE_STORE_ID_TOKEN) == 0) {
 			// only for client-cookie
 			cfg->store_id_token = 1;
-		} else if (_oidc_strcmp(p, OIDC_SESSION_TYPE_PERSISTENT
-					       OIDC_SESSION_TYPE_SEPARATOR OIDC_SESSION_TYPE_STORE_ID_TOKEN) == 0) {
+		} else if (_oidc_strcmp(p, OIDC_SESSION_TYPE_PERSISTENT OIDC_SESSION_TYPE_SEPARATOR
+					       OIDC_SESSION_TYPE_STORE_ID_TOKEN) == 0) {
 			// only for client-cookie
 			cfg->persistent_session_cookie = 1;
 			cfg->store_id_token = 1;
@@ -442,13 +442,16 @@ const char *oidc_cmd_x_forwarded_headers_set(cmd_parms *cmd, void *m, const char
 #define OIDC_DEFAULT_X_FORWARDED_HEADERS OIDC_HDR_NONE
 OIDC_CFG_MEMBER_FUNC_TYPE_GET(x_forwarded_headers, oidc_hdr_x_forwarded_t, OIDC_DEFAULT_X_FORWARDED_HEADERS)
 
+#define OIDC_CHECK_X_FORWARDED_HDR_LOG_DISABLE "OIDC_CHECK_X_FORWARDED_HDR_LOG_DISABLE"
+
 static void oidc_check_x_forwarded_hdr(request_rec *r, const apr_byte_t x_forwarded_headers, const apr_byte_t hdr_type,
 				       const char *hdr_str, const char *(hdr_func)(const request_rec *r)) {
+	const char *env_var = apr_table_get(r->subprocess_env, OIDC_CHECK_X_FORWARDED_HDR_LOG_DISABLE);
 	if (hdr_func(r)) {
-		if (!(x_forwarded_headers & hdr_type))
+		if (!(x_forwarded_headers & hdr_type) && (_oidc_strstr(env_var, hdr_str) == NULL))
 			oidc_warn(r, "header %s received but %s not configured for it", hdr_str, OIDCXForwardedHeaders);
 	} else {
-		if (x_forwarded_headers & hdr_type)
+		if ((x_forwarded_headers & hdr_type) && (_oidc_strstr(env_var, hdr_str) == NULL))
 			oidc_warn(r, "%s configured for header %s but not found in request", OIDCXForwardedHeaders,
 				  hdr_str);
 	}
diff --git a/src/session.c b/src/session.c
@@ -526,13 +526,17 @@ static const char *oidc_session_get_key2string(request_rec *r, oidc_session_t *z
 void oidc_session_set_filtered_claims(request_rec *r, oidc_session_t *z, const char *session_key, const char *claims) {
 	oidc_cfg_t *c = ap_get_module_config(r->server->module_config, &auth_openidc_module);
 
-	const char *name;
+	const char *name = NULL;
 	json_t *src = NULL, *dst = NULL, *value = NULL;
 	void *iter = NULL;
-	apr_byte_t is_allowed;
+	apr_byte_t is_allowed = TRUE;
 	int warn_claim_size = OIDC_SESSION_WARN_CLAIM_SIZE;
 	const char *s = NULL;
 
+	// avoid gcc 14 warning: '%s' directive argument is null [-Wformat-overflow=]
+	if (session_key == NULL)
+		session_key = "";
+
 	if (oidc_util_json_decode_object(r, claims, &src) == FALSE) {
 		oidc_session_set(r, z, session_key, NULL);
 		return;
