Escape bytes returned by the errfn because it might be from an untrusted source

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104780 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/modules/generators/mod_cgi.c b/modules/generators/mod_cgi.c
index bfb0a551bff7fdf6686ded0b52b582b33a481c44..66116b599f579dc3a077d40ddd295d2d99f345e8 100644 (file)
--- a/modules/generators/mod_cgi.c
+++ b/modules/generators/mod_cgi.c
@@ -352,11 +352,14 @@ static void cgi_child_errfn(apr_pool_t *pool, apr_status_t err,
     char errbuf[200];
 
     apr_file_open_stderr(&stderr_log, pool);
+    /* Escape the logged string because it may be something that
+     * came in over the network.
+     */
     apr_file_printf(stderr_log,
                     "(%d)%s: %s\n",
                     err,
                     apr_strerror(err, errbuf, sizeof(errbuf)),
-                    description);
+                    ap_escape_logitem(pool, description));
 }
 
 static apr_status_t run_cgi_child(apr_file_t **script_out,