Posted to dev@httpd.apache.org by André Malo <nd...@perlig.de> on 2004/01/03 00:33:18 UTC

Re: cvs commit: httpd-2.0/support check_forensic

* ben@apache.org wrote:

>   /* e is the first _invalid_ location in q
>      N.B. returns the terminating NUL.
>    */
>   static char *log_escape(char *q, const char *e, const char *p)
>   {
>       for ( ; *p ; ++p) {
>           assert(q < e);
>           if (*p < ' ' || *p >= 0x7f || *p == '|' || *p == ':' || *p == '%')
>           {
>               assert(q+2 < e);
>               *q++ = '%';
>               sprintf(q, "%02x", *(unsigned char *)p);
>               q += 2;
>           }
>           else
>               *q++ = *p;
>       }
>       assert(q < e);
>       *q = '\0';
>   
>       return q;
>   }

This function is not EBCDIC safe. I'd suggest using one of the escaping
functions in server/util.c.
Additionally, please use ap_assert, which logs before dumping (applies to
other occurrences as well).

nd

Re: cvs commit: httpd-2.0/support check_forensic

Posted by Ben Laurie <be...@algroup.co.uk>.
André Malo wrote:
> * ben@apache.org wrote:
> 
> 
>>  /* e is the first _invalid_ location in q
>>     N.B. returns the terminating NUL.
>>   */
>>  static char *log_escape(char *q, const char *e, const char *p)
>>  {
>>      for ( ; *p ; ++p) {
>>          assert(q < e);
>>          if (*p < ' ' || *p >= 0x7f || *p == '|' || *p == ':' || *p == '%')
>>          {
>>              assert(q+2 < e);
>>              *q++ = '%';
>>              sprintf(q, "%02x", *(unsigned char *)p);
>>              q += 2;
>>          }
>>          else
>>              *q++ = *p;
>>      }
>>      assert(q < e);
>>      *q = '\0';
>>  
>>      return q;
>>  }
> 
> 
> This function is not EBCDIC safe. I'd suggest using one of the escaping
> functions in server/util.c.

None of them do what I need. In particular, | and : must be escaped, and 
no other weird munging should occur (though I could live with things 
being escaped that don't need to be, reluctantly). AFAICS this rules out 
all the functions in util.c. I guess I could add a new one, though.

> Additionally, please use ap_assert, which logs before dumping (applies to
> other occurrences as well).

Sure thing.

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
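
A bounds-checked variant of the quoted log_escape(), as an added example that is not part of this thread or of the httpd code base: it escapes the same set (non-printable bytes, '|', ':' and '%') but reports a full buffer to the caller instead of asserting, and classifies bytes with isprint() rather than ASCII constants. The name log_escape_checked, the NULL-on-overflow convention and the sample request line are assumptions made for this example.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Added example (hypothetical name): escape p into the buffer [q, e).
 * e is the first invalid location, as in the quoted function.
 * Returns a pointer to the terminating NUL, or NULL if the output does
 * not fit, so the caller decides how to fail instead of relying on
 * assert(), which compiles away under NDEBUG. */
static char *log_escape_checked(char *q, const char *e, const char *p)
{
    static const char hex[] = "0123456789abcdef";

    for ( ; *p; ++p) {
        unsigned char c = (unsigned char)*p;   /* avoid signed-char compares */

        /* isprint() asks the C library instead of hard-coding ASCII
         * code points such as ' ' and 0x7f. */
        if (!isprint(c) || c == '|' || c == ':' || c == '%') {
            if (e - q < 4)          /* "%xx" plus room for the final NUL */
                return NULL;
            *q++ = '%';
            *q++ = hex[c >> 4];     /* no sprintf: nothing is written past q+2 */
            *q++ = hex[c & 0x0f];
        }
        else {
            if (e - q < 2)          /* one char plus room for the final NUL */
                return NULL;
            *q++ = *p;
        }
    }
    if (q >= e)
        return NULL;
    *q = '\0';
    return q;
}

int main(void)
{
    char buf[64];   /* the request line below is constructed sample input */
    if (log_escape_checked(buf, buf + sizeof buf, "GET /a|b:c%\t HTTP/1.0"))
        printf("%s (%zu bytes)\n", buf, strlen(buf));
    return 0;
}
```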