You are viewing a plain text version of this content. The canonical link for it is here.
Posted to dev@httpd.apache.org by André Malo <nd...@perlig.de> on 2004/01/03 00:33:18 UTC
Re: cvs commit: httpd-2.0/support check_forensic
* ben@apache.org wrote:
> /* e is the first _invalid_ location in q
> N.B. returns the terminating NUL.
> */
> static char *log_escape(char *q, const char *e, const char *p)
> {
> for ( ; *p ; ++p) {
> assert(q < e);
> if (*p < ' ' || *p >= 0x7f || *p == '|' || *p == ':' || *p == '%')
> {
> assert(q+2 < e);
> *q++ = '%';
> sprintf(q, "%02x", *(unsigned char *)p);
> q += 2;
> }
> else
> *q++ = *p;
> }
> assert(q < e);
> *q = '\0';
>
> return q;
> }
This function is not EBCDIC safe. I'd suggest to use one of the escaping
functions in server/util.c.
Additionally please use ap_assert, which logs before dumping. (applies to
other occurences as well).
nd
Re: cvs commit: httpd-2.0/support check_forensic
Posted by Ben Laurie <be...@algroup.co.uk>.
André Malo wrote:
> * ben@apache.org wrote:
>
>
>> /* e is the first _invalid_ location in q
>> N.B. returns the terminating NUL.
>> */
>> static char *log_escape(char *q, const char *e, const char *p)
>> {
>> for ( ; *p ; ++p) {
>> assert(q < e);
>> if (*p < ' ' || *p >= 0x7f || *p == '|' || *p == ':' || *p == '%')
>> {
>> assert(q+2 < e);
>> *q++ = '%';
>> sprintf(q, "%02x", *(unsigned char *)p);
>> q += 2;
>> }
>> else
>> *q++ = *p;
>> }
>> assert(q < e);
>> *q = '\0';
>>
>> return q;
>> }
>
>
> This function is not EBCDIC safe. I'd suggest to use one of the escaping
> functions in server/util.c.
None of them do what I need. In particular, | and : must be escaped, and
no other weird munging should occur (though I could live with things
being escaped that don't need to be, reluctantly). AFAICS this rules out
all the functions in util.c. I guess I could add a new one, though.
> Additionally please use ap_assert, which logs before dumping. (applies to
> other occurences as well).
Sure thing.
Cheers,
Ben.
--
http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff