From: Stefan Fritsch Date: Sat, 8 Dec 2012 20:32:00 +0000 (+0000) Subject: CVE-2012-3499 X-Git-Tag: 2.5.0-alpha~6053 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=d5b414c34d90cd63196a9214872c55e390838a9c;p=thirdparty%2Fapache%2Fhttpd.git CVE-2012-3499 add missing html escaping git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1418752 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/modules/ldap/util_ldap_cache_mgr.c b/modules/ldap/util_ldap_cache_mgr.c
index 826757704fa..ae7e652aeca 100644
--- a/modules/ldap/util_ldap_cache_mgr.c
+++ b/modules/ldap/util_ldap_cache_mgr.c
@@ -604,7 +604,7 @@ char *util_ald_cache_display_stats(request_rec *r, util_ald_cache_t *cache, char
 if (id) {
 buf2 = apr_psprintf(p, "%s",
- r->uri,
+ ap_escape_html(r->pool, ap_escape_uri(r->pool, r->uri)),
 id, name);
 }
diff --git a/modules/test/mod_policy.c b/modules/test/mod_policy.c
index 473b31c6241..8138f83165e 100644
--- a/modules/test/mod_policy.c
+++ b/modules/test/mod_policy.c
@@ -1011,7 +1011,8 @@ static const char *set_type_url(cmd_parms *cmd, void *dconf, const char *url)
 {
 policy_conf *conf = dconf;
- conf->type_url = url;
+ /* url is only used inside , escape accordingly */
+ conf->type_url = ap_escape_html(cmd->pool, url);
 conf->type_url_set = 1;
 return NULL;
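Review bot: In the util_ldap_cache_mgr.c hunk, `id` and `name` still reach the same apr_psprintf format string on the line after the changed one without any escaping, while only `r->uri` gains `ap_escape_html(ap_escape_uri(...))`; the hunk does not show where those two values originate, so if either can carry request-derived data it needs the same treatment, and otherwise a one-line comment such as `/* id and name are server-generated cache labels, not request data */` would make the omission deliberate. The new line also allocates from `r->pool` while the surrounding apr_psprintf call uses `p`; assuming `p` is `r->pool` or a subpool of it, `ap_escape_html(p, ap_escape_uri(p, r->uri))` would match the local convention. util_ald_cache_display_stats continues outside the hunk on both sides.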