You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by rp...@apache.org on 2013/05/14 16:41:31 UTC
svn commit: r1482349 - in /httpd/httpd/branches/2.2.x: CHANGES STATUS
modules/mappers/mod_rewrite.c
Author: rpluem
Date: Tue May 14 14:41:30 2013
New Revision: 1482349
URL: http://svn.apache.org/r1482349
Log:
* mod_rewrite: Ensure that client data written to the RewriteLog is
escaped to prevent terminal escape sequences from entering the
log file. (CVE-2013-1862 (cve.mitre.org))
Submitted by: jorton
Reviewed by: jorton, covener, rpluem
Modified:
httpd/httpd/branches/2.2.x/CHANGES
httpd/httpd/branches/2.2.x/STATUS
httpd/httpd/branches/2.2.x/modules/mappers/mod_rewrite.c
Modified: httpd/httpd/branches/2.2.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/CHANGES?rev=1482349&r1=1482348&r2=1482349&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.2.x/CHANGES [utf-8] Tue May 14 14:41:30 2013
@@ -1,6 +1,11 @@
-*- coding: utf-8 -*-
Changes with Apache 2.2.25
+ *) SECURITY: CVE-2013-1862 (cve.mitre.org)
+ mod_rewrite: Ensure that client data written to the RewriteLog is
+ escaped to prevent terminal escape sequences from entering the
+ log file. [Joe Orton]
+
*) htdigest: Fix buffer overflow when reading digest password file
with very long lines. PR 54893. [Rainer Jung]
Modified: httpd/httpd/branches/2.2.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/STATUS?rev=1482349&r1=1482348&r2=1482349&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/STATUS (original)
+++ httpd/httpd/branches/2.2.x/STATUS Tue May 14 14:41:30 2013
@@ -103,12 +103,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-quiet-fips.patch
+1: wrowe, druggeri, kbrand
- * mod_rewrite: fix CVE-2013-1862, escape log file output
- (not needed for trunk/2.4)
- 2.2.x patch:
- http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch
- +1: jorton, covener, rpluem
-
PATCHES PROPOSED TO BACKPORT FROM TRUNK:
[ New proposals should be added at the end of the list ]
Modified: httpd/httpd/branches/2.2.x/modules/mappers/mod_rewrite.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.2.x/modules/mappers/mod_rewrite.c?rev=1482349&r1=1482348&r2=1482349&view=diff
==============================================================================
--- httpd/httpd/branches/2.2.x/modules/mappers/mod_rewrite.c (original)
+++ httpd/httpd/branches/2.2.x/modules/mappers/mod_rewrite.c Tue May 14 14:41:30 2013
@@ -500,11 +500,11 @@ static void do_rewritelog(request_rec *r
logline = apr_psprintf(r->pool, "%s %s %s %s [%s/sid#%pp][rid#%pp/%s%s%s] "
"(%d) %s%s%s%s" APR_EOL_STR,
- rhost ? rhost : "UNKNOWN-HOST",
- rname ? rname : "-",
- r->user ? (*r->user ? r->user : "\"\"") : "-",
+ rhost ? ap_escape_logitem(r->pool, rhost) : "UNKNOWN-HOST",
+ rname ? ap_escape_logitem(r->pool, rname) : "-",
+ r->user ? (*r->user ? ap_escape_logitem(r->pool, r->user) : "\"\"") : "-",
current_logtime(r),
- ap_get_server_name(r),
+ ap_escape_logitem(r->pool, ap_get_server_name(r)),
(void *)(r->server),
(void *)r,
r->main ? "subreq" : "initial",
@@ -514,7 +514,7 @@ static void do_rewritelog(request_rec *r
perdir ? "[perdir " : "",
perdir ? perdir : "",
perdir ? "] ": "",
- text);
+ ap_escape_logitem(r->pool, text));
nbytes = strlen(logline);
apr_file_write(conf->rewritelogfp, logline, &nbytes);