Posted to docs@httpd.apache.org by Erik Abele <er...@codefaktor.de> on 2002/08/25 16:00:44 UTC
Possible css vulnerability part II
After looking a second time in the code I realized that all calls to
ap_log_rerror with the APLOG_TOCLIENT state are properly escaped in
server/log.c. Therefore it should be safe to use
apr_filename_of_pathname(r->filename) unescaped in the mentioned places:
> #### Possible places for css vulnerabilities
> ####
> #### I'm not quite sure, if r->method and apr_filename_of_pathname(r->filename)
> #### are safe to use unescaped in these places, but I'm sure that it is not
> #### safe to use apr_table_get(r->headers_in, "Expect") unescaped!
>
> #### modules/generators/mod_cgi.c line 470 & mod_cgid.c line 650:
> #### apr_filename_of_pathname(r->filename) not escaped
>
> rc = ap_os_create_privileged_process(r, procnew, argv0, argv,
>                                      (const char * const *)env,
>                                      procattr, ptrans);
>
> if (rc != APR_SUCCESS) {
>     /* Bad things happened. Everyone should have cleaned up. */
>     ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_TOCLIENT, rc, r,
>                   "couldn't create child process: %d: %s", rc,
>                   apr_filename_of_pathname(r->filename));
> }
>
> #### server/util_script.c line 457:
> #### apr_filename_of_pathname(r->filename) not escaped
>
> if ((*getsfunc) (w, MAX_STRING_LEN - 1, getsfunc_data) == 0) {
>     ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r,
>                   "Premature end of script headers: %s",
>                   apr_filename_of_pathname(r->filename));
>     return HTTP_INTERNAL_SERVER_ERROR;
> }
>
> #### server/util_script.c line 551:
> #### apr_filename_of_pathname(r->filename) not escaped
>
> ap_log_rerror(APLOG_MARK, APLOG_ERR|APLOG_TOCLIENT, 0, r,
>               "%s: %s", malformed,
>               apr_filename_of_pathname(r->filename));
> return HTTP_INTERNAL_SERVER_ERROR;
>
Erik
---------------------------------------------------------------------
To unsubscribe, e-mail: docs-unsubscribe@httpd.apache.org
For additional commands, e-mail: docs-help@httpd.apache.org
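The point of the thread above is that a string copied from the request into an HTML error page is a cross-site scripting vector unless it is escaped on the way out, and that the APLOG_TOCLIENT path in server/log.c does that escaping while a raw apr_table_get(r->headers_in, "Expect") would not. The following is an added example, not httpd code from the message or from the Apache project: it models a 417 "Expectation Failed" page that echoes the Expect header, once by splicing the raw value (the unsafe case the message warns about) and once after passing it through a small HTML escaper. The html_escape function is a stand-in written for this example, not ap_escape_html; the page template and the malicious header value are constructed for the demonstration.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Entity for a character that can change HTML or attribute context,
 * or NULL if the character is safe to emit verbatim.  This is a
 * stand-in for what a server must do before echoing request data into
 * an HTML body; it is not Apache's ap_escape_html. */
static const char *entity_for(char c)
{
    switch (c) {
    case '<':  return "&lt;";
    case '>':  return "&gt;";
    case '&':  return "&amp;";
    case '"':  return "&quot;";
    case '\'': return "&#39;";
    default:   return NULL;
    }
}

/* Return a newly allocated, HTML-escaped copy of s (caller frees). */
char *html_escape(const char *s)
{
    size_t n = 0;
    const char *p;
    for (p = s; *p; p++) {
        const char *e = entity_for(*p);
        n += e ? strlen(e) : 1;
    }
    char *out = malloc(n + 1), *q = out;
    if (!out) return NULL;
    for (p = s; *p; p++) {
        const char *e = entity_for(*p);
        if (e) { strcpy(q, e); q += strlen(e); }
        else *q++ = *p;
    }
    *q = '\0';
    return out;
}

/* Assumed error-page template; %s receives the Expect header value. */
static const char *TEMPLATE =
    "<html><body><p>The expectation given in the Expect request-header "
    "field could not be met by this server.</p>"
    "<p>Expect: %s</p></body></html>";

static char *render(const char *value)
{
    size_t n = strlen(TEMPLATE) + strlen(value) + 1;  /* %s is replaced, so this over-allocates slightly */
    char *body = malloc(n);
    if (body) snprintf(body, n, TEMPLATE, value);
    return body;
}

/* Vulnerable: splices the raw, client-controlled header into the page. */
char *error_body_unescaped(const char *expect) { return render(expect); }

/* Hardened: escape first, as log.c does for APLOG_TOCLIENT messages. */
char *error_body_escaped(const char *expect)
{
    char *safe = html_escape(expect);
    char *body = safe ? render(safe) : NULL;
    free(safe);
    return body;
}

/* 1 if the rendered body contains needle verbatim, 0 otherwise. */
int body_contains(const char *expect, int escaped, const char *needle)
{
    char *body = escaped ? error_body_escaped(expect) : error_body_unescaped(expect);
    int hit = body && strstr(body, needle) != NULL;
    free(body);
    return hit;
}

/* 1 if html_escape(in) equals expected, 0 otherwise. */
int escapes_to(const char *in, const char *expected)
{
    char *got = html_escape(in);
    int ok = got && strcmp(got, expected) == 0;
    free(got);
    return ok;
}

/* Constructed sample: an Expect header carrying a script tag. */
const char *EVIL_EXPECT = "<script>alert(document.cookie)</script>";

int main(void)
{
    char *bad = error_body_unescaped(EVIL_EXPECT);
    char *good = error_body_escaped(EVIL_EXPECT);
    printf("unescaped:\n%s\n\nescaped:\n%s\n", bad, good);
    free(bad);
    free(good);
    return 0;
}
```

Run as is, the unescaped page carries the client's script element into the response body, while the escaped page shows it as inert text; the same distinction is why r->filename is fine through ap_log_rerror(APLOG_TOCLIENT) but a raw header value is not.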