*) mod_dav: Return a WWW-auth header for MOVE/COPY requests where
the destination resource gives a 401. PR 15571. [Joe Orton]
- *) SECURITY [CAN-2003-0020]: Escape arbitrary data before writing
- into the errorlog. [André Malo]
+ *) SECURITY: CAN-2003-0020 (cve.mitre.org)
+ Escape arbitrary data before writing into the errorlog. Unescaped
+ errorlogs are still possible using the compile time switch
+ "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, André Malo]
*) mod_autoindex / core: Don't fail to show filenames containing
special characters like '%'. PR 13598. [André Malo]
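Review bot: the new CHANGES entry (the two lines replacing the old CAN-2003-0020 item) names the switch but not its cost. The fix it refers to is exactly "Escape arbitrary data before writing into the errorlog", so a build with "-DAP_UNSAFE_ERROR_LOG_UNESCAPED" restores the behaviour that the CAN-2003-0020 fix removed; the entry should say so in as many words, for instance "This re-enables the behaviour fixed in CAN-2003-0020 and is only appropriate where the error log is never viewed by a tool that interprets the logged bytes", so that nobody reading CHANGES takes the switch for a harmless formatting option. CHANGES is the only place the switch is mentioned in this patch; a line in the user-facing build documentation would keep it from being discovered only by reading server/log.c.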
APACHE 2.0 STATUS: -*-text-*-
-Last modified at [$Date: 2004/01/21 15:00:50 $]
+Last modified at [$Date: 2004/01/23 00:04:40 $]
Release:
but actually resolving the host would not. To catch the check
via retcode, you have to specify the NI_NAMEREQD flag.
- * unescaped error logs seem to be essential for some folks
- backport -DAP_UNSAFE_ERROR_LOG_UNESCAPED to 2.0 and 1.3
- server/log.c: r1.139, r1.140
- +1: nd, stas, geoff
-
PATCHES TO BACKPORT FROM 2.1
[ please place file names and revisions from HEAD here, so it is easy to
identify exactly what the proposed changes are! ]
const request_rec *r, apr_pool_t *pool,
const char *fmt, va_list args)
{
- char errstr[MAX_STRING_LEN], scratch[MAX_STRING_LEN];
+ char errstr[MAX_STRING_LEN];
+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
+ char scratch[MAX_STRING_LEN];
+#endif
apr_size_t len, errstrlen;
apr_file_t *logf = NULL;
const char *referer;
}
errstrlen = len;
+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
if (apr_vsnprintf(scratch, MAX_STRING_LEN - len, fmt, args)) {
len += ap_escape_errorlog_item(errstr + len, scratch,
MAX_STRING_LEN - len);
}
+#else
+ len += apr_vsnprintf(errstr + len, MAX_STRING_LEN - len, fmt, args);
+#endif
if ( r && (referer = apr_table_get(r->headers_in, "Referer"))
- && ap_escape_errorlog_item(scratch, referer, MAX_STRING_LEN - len)) {
+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
+ && ap_escape_errorlog_item(scratch, referer, MAX_STRING_LEN - len)
+#endif
+ ) {
len += apr_snprintf(errstr + len, MAX_STRING_LEN - len,
- ", referer: %s", scratch);
+ ", referer: %s",
+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
+ scratch
+#else
+ referer
+#endif
+ );
}
/* NULL if we are logging to syslog */
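Review bot: the two builds no longer agree on an empty Referer. In the escaped build the condition `if ( r && (referer = apr_table_get(r->headers_in, "Referer"))` still requires `ap_escape_errorlog_item(scratch, referer, MAX_STRING_LEN - len)` to return non-zero, so a request carrying a Referer header with an empty value logs nothing; with AP_UNSAFE_ERROR_LOG_UNESCAPED that test is compiled out, `referer` is a non-NULL empty string, and the same request logs ", referer: " with nothing after it. If the divergence is not intended, add an explicit `*referer` test that both builds share. On style, splitting the if condition and the apr_snprintf argument list across #ifndef/#else/#endif makes the statement hard to read and easy to mis-edit; hoisting the choice into one block before the if (in the escaped build, point a const char pointer at scratch once ap_escape_errorlog_item has succeeded, otherwise point it at referer) leaves a single if and a single apr_snprintf call with no preprocessor lines inside them. Lastly, a one-line comment at the `#else` of the vsnprintf branch saying that this arm writes the format arguments, and below it the Referer value, to the log without escaping, which is the CAN-2003-0020 condition the CHANGES entry refers to, would spare the next reader a trip to CHANGES to learn why the switch is called unsafe.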