You are viewing a plain text version of this content. The canonical link for it is here.
Posted to cvs@httpd.apache.org by nd...@apache.org on 2003/03/07 00:53:52 UTC
cvs commit: httpd-2.0/server gen_test_char.c util.c
nd 2003/03/06 15:53:52
Modified: . CHANGES
include ap_mmn.h httpd.h
modules/loggers mod_log_config.c
server gen_test_char.c util.c
Log:
Minor MMN bump:
Forward port: Escape special characters (especially control
characters) in mod_log_config to make a clear distinction between
client-supplied strings (with special characters) and server-side
strings. This was already introduced in version 1.3.25.
Obtained from: Patch in 1.3.25-dev by Martin
Revision Changes Path
1.1109 +6 -0 httpd-2.0/CHANGES
Index: CHANGES
===================================================================
RCS file: /home/cvs/httpd-2.0/CHANGES,v
retrieving revision 1.1108
retrieving revision 1.1109
diff -u -r1.1108 -r1.1109
--- CHANGES 6 Mar 2003 23:12:28 -0000 1.1108
+++ CHANGES 6 Mar 2003 23:53:51 -0000 1.1109
@@ -2,6 +2,12 @@
[Remove entries to the current 2.0 section below, when backported]
+ *) Forward port: Escape special characters (especially control
+ characters) in mod_log_config to make a clear distinction between
+ client-supplied strings (with special characters) and server-side
+ strings. This was already introduced in version 1.3.25.
+ [Andr� Malo]
+
*) mod_usertrack: don't set the cookie in subrequests. This works
around the problem that cookies were set twice during fast internal
redirects. PR 13211. [Andr� Malo]
1.57 +4 -2 httpd-2.0/include/ap_mmn.h
Index: ap_mmn.h
===================================================================
RCS file: /home/cvs/httpd-2.0/include/ap_mmn.h,v
retrieving revision 1.56
retrieving revision 1.57
diff -u -r1.56 -r1.57
--- ap_mmn.h 14 Feb 2003 04:17:34 -0000 1.56
+++ ap_mmn.h 6 Mar 2003 23:53:51 -0000 1.57
@@ -112,7 +112,9 @@
* 20020628 (2.0.40-dev) Added filter_init to filter registration functions
* 20020903 (2.0.41-dev) APR's error constants changed
* 20020903.1 (2.1.0-dev) allow_encoded_slashes added to core_dir_config
- * 20030213.1 (2.1.0-dev) changed log_writer optional fn's to return previous handler
+ * 20030213.1 (2.1.0-dev) changed log_writer optional fn's to return previous
+ * handler
+ * 20030213.2 (2.1.0-dev) add ap_escape_logitem
*/
#define MODULE_MAGIC_COOKIE 0x41503230UL /* "AP20" */
@@ -120,7 +122,7 @@
#ifndef MODULE_MAGIC_NUMBER_MAJOR
#define MODULE_MAGIC_NUMBER_MAJOR 20030213
#endif
-#define MODULE_MAGIC_NUMBER_MINOR 1 /* 0...n */
+#define MODULE_MAGIC_NUMBER_MINOR 2 /* 0...n */
/**
* Determine if the server's current MODULE_MAGIC_NUMBER is at least a
1.196 +8 -0 httpd-2.0/include/httpd.h
Index: httpd.h
===================================================================
RCS file: /home/cvs/httpd-2.0/include/httpd.h,v
retrieving revision 1.195
retrieving revision 1.196
diff -u -r1.195 -r1.196
--- httpd.h 6 Mar 2003 17:56:04 -0000 1.195
+++ httpd.h 6 Mar 2003 23:53:51 -0000 1.196
@@ -1360,6 +1360,14 @@
AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s);
/**
+ * Escape a string for logging
+ * @param p The pool to allocate from
+ * @param s The string to escape
+ * @return The escaped string
+ */
+AP_DECLARE(char *) ap_escape_logitem(apr_pool_t *p, const char *str);
+
+/**
* Construct a full hostname
* @param p The pool to allocate from
* @param hostname The hostname of the server
1.100 +31 -22 httpd-2.0/modules/loggers/mod_log_config.c
Index: mod_log_config.c
===================================================================
RCS file: /home/cvs/httpd-2.0/modules/loggers/mod_log_config.c,v
retrieving revision 1.99
retrieving revision 1.100
diff -u -r1.99 -r1.100
--- mod_log_config.c 14 Feb 2003 04:17:34 -0000 1.99
+++ mod_log_config.c 6 Mar 2003 23:53:51 -0000 1.100
@@ -333,8 +333,9 @@
static const char *log_remote_host(request_rec *r, char *a)
{
- return ap_get_remote_host(r->connection, r->per_dir_config,
- REMOTE_NAME, NULL);
+ return ap_escape_logitem(r->pool, ap_get_remote_host(r->connection,
+ r->per_dir_config,
+ REMOTE_NAME, NULL));
}
static const char *log_remote_address(request_rec *r, char *a)
@@ -349,7 +350,7 @@
static const char *log_remote_logname(request_rec *r, char *a)
{
- return ap_get_remote_logname(r);
+ return ap_escape_logitem(r->pool, ap_get_remote_logname(r));
}
static const char *log_remote_user(request_rec *r, char *a)
@@ -362,6 +363,10 @@
else if (strlen(rvalue) == 0) {
rvalue = "\"\"";
}
+ else {
+ rvalue = ap_escape_logitem(r->pool, rvalue);
+ }
+
return rvalue;
}
@@ -372,33 +377,37 @@
* (note the truncation before the protocol string for HTTP/0.9 requests)
* (note also that r->the_request contains the unmodified request)
*/
- return (r->parsed_uri.password)
- ? apr_pstrcat(r->pool, r->method, " ",
- apr_uri_unparse(r->pool, &r->parsed_uri, 0),
- r->assbackwards ? NULL : " ", r->protocol, NULL)
- : r->the_request;
+ return ap_escape_logitem(r->pool,
+ (r->parsed_uri.password)
+ ? apr_pstrcat(r->pool, r->method, " ",
+ apr_uri_unparse(r->pool,
+ &r->parsed_uri, 0),
+ r->assbackwards ? NULL : " ",
+ r->protocol, NULL)
+ : r->the_request);
}
static const char *log_request_file(request_rec *r, char *a)
{
- return r->filename;
+ return ap_escape_logitem(r->pool, r->filename);
}
static const char *log_request_uri(request_rec *r, char *a)
{
- return r->uri;
+ return ap_escape_logitem(r->pool, r->uri);
}
static const char *log_request_method(request_rec *r, char *a)
{
- return r->method;
+ return ap_escape_logitem(r->pool, r->method);
}
static const char *log_request_protocol(request_rec *r, char *a)
{
- return r->protocol;
+ return ap_escape_logitem(r->pool, r->protocol);
}
static const char *log_request_query(request_rec *r, char *a)
{
- return (r->args != NULL) ? apr_pstrcat(r->pool, "?", r->args, NULL)
- : "";
+ return (r->args) ? apr_pstrcat(r->pool, "?",
+ ap_escape_logitem(r->pool, r->args), NULL)
+ : "";
}
static const char *log_status(request_rec *r, char *a)
{
@@ -428,7 +437,7 @@
static const char *log_header_in(request_rec *r, char *a)
{
- return apr_table_get(r->headers_in, a);
+ return ap_escape_logitem(r->pool, apr_table_get(r->headers_in, a));
}
static const char *log_header_out(request_rec *r, char *a)
@@ -438,18 +447,18 @@
cp = ap_field_noparam(r->pool, r->content_type);
}
if (cp) {
- return cp;
+ return ap_escape_logitem(r->pool, cp);
}
- return apr_table_get(r->err_headers_out, a);
+ return ap_escape_logitem(r->pool, apr_table_get(r->err_headers_out, a));
}
static const char *log_note(request_rec *r, char *a)
{
- return apr_table_get(r->notes, a);
+ return ap_escape_logitem(r->pool, apr_table_get(r->notes, a));
}
static const char *log_env_var(request_rec *r, char *a)
{
- return apr_table_get(r->subprocess_env, a);
+ return ap_escape_logitem(r->pool, apr_table_get(r->subprocess_env, a));
}
static const char *log_cookie(request_rec *r, char *a)
@@ -467,7 +476,7 @@
if (end_cookie) {
*end_cookie = '\0';
}
- return cookie;
+ return ap_escape_logitem(r->pool, cookie);
}
}
return NULL;
@@ -585,7 +594,7 @@
*/
static const char *log_virtual_host(request_rec *r, char *a)
{
- return r->server->server_hostname;
+ return ap_escape_logitem(r->pool, r->server->server_hostname);
}
static const char *log_server_port(request_rec *r, char *a)
@@ -599,7 +608,7 @@
*/
static const char *log_server_name(request_rec *r, char *a)
{
- return ap_get_server_name(r);
+ return ap_escape_logitem(r->pool, ap_get_server_name(r));
}
static const char *log_child_pid(request_rec *r, char *a)
1.16 +13 -2 httpd-2.0/server/gen_test_char.c
Index: gen_test_char.c
===================================================================
RCS file: /home/cvs/httpd-2.0/server/gen_test_char.c,v
retrieving revision 1.15
retrieving revision 1.16
diff -u -r1.15 -r1.16
--- gen_test_char.c 3 Feb 2003 17:53:18 -0000 1.15
+++ gen_test_char.c 6 Mar 2003 23:53:52 -0000 1.16
@@ -73,6 +73,7 @@
#define T_ESCAPE_PATH_SEGMENT (0x02)
#define T_OS_ESCAPE_PATH (0x04)
#define T_HTTP_TOKEN_STOP (0x08)
+#define T_ESCAPE_LOGITEM (0x10)
int main(int argc, char *argv[])
{
@@ -85,13 +86,15 @@
"#define T_ESCAPE_PATH_SEGMENT (%u)\n"
"#define T_OS_ESCAPE_PATH (%u)\n"
"#define T_HTTP_TOKEN_STOP (%u)\n"
+ "#define T_ESCAPE_LOGITEM (%u)\n"
"\n"
"static const unsigned char test_char_table[256] = {\n"
" 0,",
T_ESCAPE_SHELL_CMD,
T_ESCAPE_PATH_SEGMENT,
T_OS_ESCAPE_PATH,
- T_HTTP_TOKEN_STOP);
+ T_HTTP_TOKEN_STOP,
+ T_ESCAPE_LOGITEM);
/* we explicitly dealt with NUL above
* in case some strchr() do bogosity with it */
@@ -135,8 +138,16 @@
flags |= T_HTTP_TOKEN_STOP;
}
- printf("%u%c", flags, (c < 255) ? ',' : ' ');
+ /* For logging, escape all control characters,
+ * double quotes (because they delimit the request in the log file)
+ * backslashes (because we use backslash for escaping)
+ * and 8-bit chars with the high bit set
+ */
+ if (!apr_isprint(c) || c == '"' || c == '\\' || apr_iscntrl(c)) {
+ flags |= T_ESCAPE_LOGITEM;
+ }
+ printf("%u%c", flags, (c < 255) ? ',' : ' ');
}
printf("\n};\n");
1.138 +52 -0 httpd-2.0/server/util.c
Index: util.c
===================================================================
RCS file: /home/cvs/httpd-2.0/server/util.c,v
retrieving revision 1.137
retrieving revision 1.138
diff -u -r1.137 -r1.138
--- util.c 12 Feb 2003 17:17:09 -0000 1.137
+++ util.c 6 Mar 2003 23:53:52 -0000 1.138
@@ -1784,6 +1784,58 @@
return x;
}
+AP_DECLARE(char *) ap_escape_logitem(apr_pool_t *p, const char *str)
+{
+ char *ret;
+ unsigned char *d;
+ const unsigned char *s;
+
+ if (!str) {
+ return NULL;
+ }
+
+ ret = apr_palloc(p, 4 * strlen(str) + 1); /* Be safe */
+ d = (unsigned char *)ret;
+ s = (const unsigned char *)str;
+ for (; *s; ++s) {
+
+ if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) {
+ *d++ = '\\';
+ switch(*s) {
+ case '\b':
+ *d++ = 'b';
+ break;
+ case '\n':
+ *d++ = 'n';
+ break;
+ case '\r':
+ *d++ = 'r';
+ break;
+ case '\t':
+ *d++ = 't';
+ break;
+ case '\v':
+ *d++ = 'v';
+ break;
+ case '\\':
+ case '"':
+ *d++ = *s;
+ break;
+ default:
+ c2x(*s, d);
+ *d = 'x';
+ d += 3;
+ }
+ }
+ else {
+ *d++ = *s;
+ }
+ }
+ *d = '\0';
+
+ return ret;
+}
+
AP_DECLARE(int) ap_is_directory(apr_pool_t *p, const char *path)
{
apr_finfo_t finfo;