From: André Malo
Date: Fri, 23 Jan 2004 00:05:57 +0000 (+0000)
Subject: Unescaped errorlogs are still possible using the compile time switch
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e0b64d4cb0e7ed380f012a52e3979dc0343b4e7b;p=thirdparty%2Fapache%2Fhttpd.git
Unescaped errorlogs are still possible using the compile time switch
"-DAP_UNSAFE_ERROR_LOG_UNESCAPED".
Reviewed by: Stas Bekman, Geoffrey Young
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@102391 13f79535-47bb-0310-9956-ffa450edef68
---
diff --git a/src/CHANGES b/src/CHANGES
index 7efb5f1769d..16f21df307c 100644
--- a/src/CHANGES
+++ b/src/CHANGES
@@ -25,8 +25,9 @@ Changes with Apache 1.3.30
      [Ben Laurie]
 
   *) SECURITY: CAN-2003-0020 (cve.mitre.org)
-     Escape arbitrary data before writing into the errorlog.
-     [André Malo]
+     Escape arbitrary data before writing into the errorlog. Unescaped
+     errorlogs are still possible using the compile time switch
+     "-DAP_UNSAFE_ERROR_LOG_UNESCAPED". [Geoffrey Young, André Malo]
 
   *) '%X' is now accepted as an alias for '%c' in the LogFormat
      directive. This allows you to configure logging
diff --git a/src/main/http_log.c b/src/main/http_log.c
index 9f5eabc35cf..ccb3f896598 100644
--- a/src/main/http_log.c
+++ b/src/main/http_log.c
@@ -313,7 +313,10 @@ static void log_error_core(const char *file, int line, int level,
                            const server_rec *s, const request_rec *r,
                            const char *fmt, va_list args)
 {
-    char errstr[MAX_STRING_LEN], scratch[MAX_STRING_LEN];
+    char errstr[MAX_STRING_LEN];
+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
+    char scratch[MAX_STRING_LEN];
+#endif
     size_t len;
     int save_errno = errno;
     FILE *logf;
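Review bot: The conditional declaration of `scratch` gives no hint why the buffer exists only when `AP_UNSAFE_ERROR_LOG_UNESCAPED` is not defined; a one-line comment on the `#ifndef` would spare the reader a trip to the second hunk, e.g. `/* scratch holds the raw message before ap_escape_errorlog_item(); absent when escaping is compiled out */`. Because the declaration is now conditional, any later use of `scratch` elsewhere in log_error_core would fail to compile only in the unescaped build, which a default build never exercises, so the comment should say that `scratch` may only be referenced inside matching `#ifndef` guards. The body of log_error_core continues past the end of this hunk.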
@@ -445,10 +448,14 @@ static void log_error_core(const char *file, int line, int level,
     }
 #endif
 
+#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
     if (ap_vsnprintf(scratch, sizeof(scratch) - len, fmt, args)) {
         len += ap_escape_errorlog_item(errstr + len, scratch,
                                        sizeof(errstr) - len);
     }
+#else
+    len += ap_vsnprintf(errstr + len, sizeof(errstr) - len, fmt, args);
+#endif
 
     /* NULL if we are logging to syslog */
     if (logf) {
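Review bot: The new `#else` branch formats the message straight into `errstr` without the `ap_escape_errorlog_item` pass, which is precisely the exposure the CAN-2003-0020 fix in the `#ifndef` branch closes, and nothing at the site says this is a deliberate opt-out rather than an oversight; the only marker is the macro name. A comment on the `#else` such as `/* Deliberate opt-out of CAN-2003-0020 escaping: control characters in the message reach the log verbatim */` would make the intent and the consequence explicit to whoever builds with -DAP_UNSAFE_ERROR_LOG_UNESCAPED. Both branches rely on `ap_vsnprintf` returning the number of bytes actually stored so that `len` never exceeds `sizeof(errstr)`; that appears consistent with Apache's own `ap_vsnprintf`, but the later uses of `len` and the rest of log_error_core lie outside this hunk.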