You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by nd...@apache.org on 2004/01/23 01:05:57 UTC
cvs commit: apache-1.3/src/main http_log.c
nd 2004/01/22 16:05:57
Modified: src CHANGES
src/main http_log.c
Log:
Unescaped errorlogs are still possible using the compile time switch
"-DAP_UNSAFE_ERROR_LOG_UNESCAPED".
Reviewed by: Stas Bekman, Geoffrey Young
Revision Changes Path
1.1923 +3 -2 apache-1.3/src/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/apache-1.3/src/CHANGES,v
retrieving revision 1.1922
retrieving revision 1.1923
diff -u -u -r1.1922 -r1.1923
--- CHANGES 20 Jan 2004 11:06:23 -0000 1.1922
+++ CHANGES 23 Jan 2004 00:05:57 -0000 1.1923
@@ -25,8 +25,9 @@
[Ben Laurie]
*) SECURITY: CAN-2003-0020 (cve.mitre.org)
- Escape arbitrary data before writing into the errorlog.
- [Andr� Malo]
+ Escape arbitrary data before writing into the errorlog. Unescaped
+ errorlogs are still possible using the compile time switch
+ "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, Andr� Malo]
*) '%X' is now accepted as an alias for '%c' in the
LogFormat directive. This allows you to configure logging
1.99 +8 -1 apache-1.3/src/main/http_log.c
Index: http_log.c
===================================================================
RCS file: /home/cvs/apache-1.3/src/main/http_log.c,v
retrieving revision 1.98
retrieving revision 1.99
diff -u -u -r1.98 -r1.99
--- http_log.c 1 Jan 2004 13:32:54 -0000 1.98
+++ http_log.c 23 Jan 2004 00:05:57 -0000 1.99
@@ -313,7 +313,10 @@
const server_rec *s, const request_rec *r,
const char *fmt, va_list args)
{
- char errstr[MAX_STRING_LEN], scratch[MAX_STRING_LEN];
+ char errstr[MAX_STRING_LEN];
+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
+ char scratch[MAX_STRING_LEN];
+#endif
size_t len;
int save_errno = errno;
FILE *logf;
@@ -445,10 +448,14 @@
}
#endif
+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
if (ap_vsnprintf(scratch, sizeof(scratch) - len, fmt, args)) {
len += ap_escape_errorlog_item(errstr + len, scratch,
sizeof(errstr) - len);
}
+#else
+ len += ap_vsnprintf(errstr + len, sizeof(errstr) - len, fmt, args);
+#endif
/* NULL if we are logging to syslog */
if (logf) {