From: André Malo Date: Fri, 23 Jan 2004 00:04:41 +0000 (+0000) Subject: Unescaped errorlogs are still possible using the compile time switch X-Git-Tag: 2.0.49~200 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3a593baed7475ec19d04c0ec4342214c61ffde5c;p=thirdparty%2Fapache%2Fhttpd.git Unescaped errorlogs are still possible using the compile time switch "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". Reviewed by: Stas Bekman, Geoffrey Young git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/APACHE_2_0_BRANCH@102390 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index c443f1774df..ea000fdddcf 100644 --- a/CHANGES +++ b/CHANGES @@ -67,8 +67,10 @@ Changes with Apache 2.0.49 *) mod_dav: Return a WWW-auth header for MOVE/COPY requests where the destination resource gives a 401. PR 15571. [Joe Orton] - *) SECURITY [CAN-2003-0020]: Escape arbitrary data before writing - into the errorlog. [André Malo] + *) SECURITY: CAN-2003-0020 (cve.mitre.org) + Escape arbitrary data before writing into the errorlog. Unescaped + errorlogs are still possible using the compile time switch + "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, André Malo] *) mod_autoindex / core: Don't fail to show filenames containing special characters like '%'. PR 13598. [André Malo] diff --git a/STATUS b/STATUS index 1fafd106908..1060174b6e6 100644 --- a/STATUS +++ b/STATUS @@ -1,5 +1,5 @@ APACHE 2.0 STATUS: -*-text-*- -Last modified at [$Date: 2004/01/21 15:00:50 $] +Last modified at [$Date: 2004/01/23 00:04:40 $] Release: 
@@ -74,11 +74,6 @@ RELEASE SHOWSTOPPERS: but actually resolving the host would not. To catch the check via retcode, you have to specify the NI_NAMEREQD flag. - * unescaped error logs seem to be essential for some folks - backport -DAP_UNSAFE_ERROR_LOG_UNESCAPED to 2.0 and 1.3 - server/log.c: r1.139, r1.140 - +1: nd, stas, geoff - PATCHES TO BACKPORT FROM 2.1 [ please place file names and revisions from HEAD here, so it is easy to identify exactly what the proposed changes are! ] diff --git a/server/log.c b/server/log.c index 1d36a35b617..76cf60add4c 100644 --- a/server/log.c +++ b/server/log.c @@ -401,7 +401,10 @@ static void log_error_core(const char *file, int line, int level, const request_rec *r, apr_pool_t *pool, const char *fmt, va_list args) { - char errstr[MAX_STRING_LEN], scratch[MAX_STRING_LEN]; + char errstr[MAX_STRING_LEN]; +#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED + char scratch[MAX_STRING_LEN]; +#endif apr_size_t len, errstrlen; apr_file_t *logf = NULL; const char *referer; @@ -538,15 +541,28 @@ static void log_error_core(const char *file, int line, int level, } errstrlen = len; +#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED if (apr_vsnprintf(scratch, MAX_STRING_LEN - len, fmt, args)) { len += ap_escape_errorlog_item(errstr + len, scratch, MAX_STRING_LEN - len); } +#else + len += apr_vsnprintf(errstr + len, MAX_STRING_LEN - len, fmt, args); +#endif if ( r && (referer = apr_table_get(r->headers_in, "Referer")) - && ap_escape_errorlog_item(scratch, referer, MAX_STRING_LEN - len)) { +#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED + && ap_escape_errorlog_item(scratch, referer, MAX_STRING_LEN - len) +#endif + ) { len += apr_snprintf(errstr + len, MAX_STRING_LEN - len, - ", referer: %s", scratch); + ", referer: %s", +#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED + scratch +#else + referer +#endif + ); } /* NULL if we are logging to syslog */
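Review bot: The new CHANGES entry for CAN-2003-0020 names "-DAP_UNSAFE_ERROR_LOG_UNESCAPED" but does not say that building with it switches off the escaping the same entry announces as the security fix. A clause such as "(this disables the escaping described here)" after the switch name would stop the SECURITY item from reading as if the switch were a neutral build option.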
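Review bot: In the server/log.c hunk at @@ -401, the declaration of scratch becomes conditional on AP_UNSAFE_ERROR_LOG_UNESCAPED, yet nothing in the source explains the macro. A short comment above the "#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED" saying that it is a compile-time switch, that defining it writes error log data without ap_escape_errorlog_item, and that the CHANGES entry for CAN-2003-0020 is the reference, would let someone reading log.c understand the two code paths without hunting through CHANGES.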
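Review bot: In the server/log.c hunk at @@ -538, the Referer block now splits a single if condition and a single apr_snprintf argument list across three "#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED" sections, so the closing ")" of the condition and the final argument each sit alone between preprocessor lines and are hard to check by eye. Consider deciding once, under a single #ifndef, which string is logged (a const char * pointing at scratch after escaping, or at referer), and leaving the if and the apr_snprintf call unconditional. It is also worth noting at the #else that in this branch the request's Referer header and the formatted message are copied into errstr as received, since that is the behaviour the escaped branch exists to prevent.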