From: Bill Stoddard <stoddard@apache.org>
Date: Tue, 24 Aug 2004 01:49:59 +0000 (+0000)
Subject: Escape bytes returned by the errfn because it might be from an untrusted source
X-Git-Tag: STRIKER_2_1_0_RC1~53
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=e0c3bc4dcb13324a6369f157e7c62137cb3936cf;p=thirdparty%2Fapache%2Fhttpd.git

Escape bytes returned by the errfn because it might be from an untrusted source


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104780 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/modules/generators/mod_cgi.c b/modules/generators/mod_cgi.c
index bfb0a551bff..66116b599f5 100644
--- a/modules/generators/mod_cgi.c
+++ b/modules/generators/mod_cgi.c
@@ -352,11 +352,14 @@ static void cgi_child_errfn(apr_pool_t *pool, apr_status_t err,
     char errbuf[200];
 
     apr_file_open_stderr(&stderr_log, pool);
+    /* Escape the logged string because it may be something that
+     * came in over the network.
+     */
     apr_file_printf(stderr_log,
                     "(%d)%s: %s\n",
                     err,
                     apr_strerror(err, errbuf, sizeof(errbuf)),
-                    description);
+                    ap_escape_logitem(pool, description));
 }
 
 static apr_status_t run_cgi_child(apr_file_t **script_out,