You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by nd...@apache.org on 2004/01/23 01:05:57 UTC

cvs commit: apache-1.3/src/main http_log.c

nd          2004/01/22 16:05:57

  Modified:    src      CHANGES
               src/main http_log.c
  Log:
  Unescaped errorlogs are still possible using the compile time switch
  "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".
  
  Reviewed by:    Stas Bekman, Geoffrey Young
  
  Revision  Changes    Path
  1.1923    +3 -2      apache-1.3/src/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/CHANGES,v
  retrieving revision 1.1922
  retrieving revision 1.1923
  diff -u -u -r1.1922 -r1.1923
  --- CHANGES	20 Jan 2004 11:06:23 -0000	1.1922
  +++ CHANGES	23 Jan 2004 00:05:57 -0000	1.1923
  @@ -25,8 +25,9 @@
        [Ben Laurie]
   
     *) SECURITY: CAN-2003-0020 (cve.mitre.org)
  -     Escape arbitrary data before writing into the errorlog.  
  -     [Andr� Malo]
  +     Escape arbitrary data before writing into the errorlog. Unescaped
  +     errorlogs are still possible using the compile time switch
  +     "-DAP_UNSAFE_ERROR_LOG_UNESCAPED".  [Geoffrey Young, Andr� Malo]
   
     *) '%X' is now accepted as an alias for '%c' in the
        LogFormat directive. This allows you to configure logging
  
  
  
  1.99      +8 -1      apache-1.3/src/main/http_log.c
  
  Index: http_log.c
  ===================================================================
  RCS file: /home/cvs/apache-1.3/src/main/http_log.c,v
  retrieving revision 1.98
  retrieving revision 1.99
  diff -u -u -r1.98 -r1.99
  --- http_log.c	1 Jan 2004 13:32:54 -0000	1.98
  +++ http_log.c	23 Jan 2004 00:05:57 -0000	1.99
  @@ -313,7 +313,10 @@
   			   const server_rec *s, const request_rec *r,
   			   const char *fmt, va_list args)
   {
  -    char errstr[MAX_STRING_LEN], scratch[MAX_STRING_LEN];
  +    char errstr[MAX_STRING_LEN];
  +#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
  +    char scratch[MAX_STRING_LEN];
  +#endif
       size_t len;
       int save_errno = errno;
       FILE *logf;
  @@ -445,10 +448,14 @@
       }
   #endif
   
  +#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
       if (ap_vsnprintf(scratch, sizeof(scratch) - len, fmt, args)) {
           len += ap_escape_errorlog_item(errstr + len, scratch,
                                          sizeof(errstr) - len);
       }
  +#else
  +    len += ap_vsnprintf(errstr + len, sizeof(errstr) - len, fmt, args);
  +#endif
   
       /* NULL if we are logging to syslog */
       if (logf) {