from using specially crafted vhost names to write to any .log file on
the system.
PR: 7848
Obtained from:
Submitted by: Daniel Matuschek <daniel.matuschek@swisscom.com> and Marc Slemko
Reviewed by:
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@89771 13f79535-47bb-0310-9956-ffa450edef68
Changes with Apache 1.3.21
+ *) SECURITY: Make support/split-logfile use the default log file if
+ "/" or "\" are present in the virtual host name. This prevents
+ the possible use of specially crafted virtual host names in
+ some configurations to allow writing to any .log file on the
+ system. [Daniel Matuschek <daniel.matuschek@swisscom.com>,
+ Marc Slemko] PR#7848
+
*) Added a directive: "AcceptFilter <on|off>". To control BSD
acccept filters when at compile time SO_ACCEPT_FILTER is
detected. The default is still 'on' except when, at compile
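Review bot: The new SECURITY entry refers to "the default log file" without naming it, and to "some configurations" without saying which. The script change in this commit falls back to the "access" name, so naming that here would tell operators where redirected entries end up. A short phrase on which setups are exposed would also let readers judge whether they need the update.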
#
$vhost = lc ($vhost) or "access";
#
+ # if the vhost contains a "/" or "\", it is illegal so just use
+ # the default log to avoid any security issues due if it is interprted
+ # as a directory separator.
+ if ($vhost =~ m#[/\\]#) { $vhost = "access" }
+ #
# If the log file for this virtual host isn't opened
# yet, do it now.
#
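Review bot: The added test `if ($vhost =~ m#[/\\]#)` is a denylist of two characters, yet the value goes on to name the log file that is opened just below. An allowlist would be more robust: accept the name only if it consists entirely of characters valid in a host name (lowercase letters, digits, "." and "-", given the preceding `lc`), and fall back to "access" otherwise. The fallback is also silent, so a crafted name is merged into the default log with no trace; a warning on STDERR would make such entries visible. In the new comment, "due if it is interprted" should read "if it is interpreted".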