From: Marc Slemko Date: Sun, 29 Jul 2001 21:37:46 +0000 (+0000) Subject: Add a modified form of the patch in PR 7848 to prevent people X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=5390f0b32c82e31def1fbaa620579edf0fdc7083;p=thirdparty%2Fapache%2Fhttpd.git Add a modified form of the patch in PR 7848 to prevent people from using specially crafted vhost names to write to any .log file on the system. PR: 7848 Obtained from: Submitted by: Daniel Matuschek and Marc Slemko Reviewed by: git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@89771 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/src/CHANGES b/src/CHANGES index a9b29394749..48d2af06878 100644 --- a/src/CHANGES +++ b/src/CHANGES @@ -1,5 +1,12 @@ Changes with Apache 1.3.21 + *) SECURITY: Make support/split-logfile use the default log file if + "/" or "\" are present in the virtual host name. This prevents + the possible use of specially crafted virtual host names in + some configurations to allow writing to any .log file on the + system. [Daniel Matuschek , + Marc Slemko] PR#7848 + *) Added a directive: "AcceptFilter ". To control BSD acccept filters when at compile time SO_ACCEPT_FILTER is detected. The default is still 'on' except when, at compile diff --git a/src/support/split-logfile b/src/support/split-logfile index bc24f388f53..3f5c397c9f0 100644 --- a/src/support/split-logfile +++ b/src/support/split-logfile @@ -87,6 +87,11 @@ while ($log_line = ) { # $vhost = lc ($vhost) or "access"; # + # if the vhost contains a "/" or "\", it is illegal so just use + # the default log to avoid any security issues due if it is interprted + # as a directory separator. + if ($vhost =~ m#[/\\]#) { $vhost = "access" } + # # If the log file for this virtual host isn't opened # yet, do it now. #