From e0c3bc4dcb13324a6369f157e7c62137cb3936cf Mon Sep 17 00:00:00 2001
From: Bill Stoddard <stoddard@apache.org>
Date: Tue, 24 Aug 2004 01:49:59 +0000
Subject: [PATCH] Escape bytes returned by the errfn because it might be from
 an untrusted source

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@104780 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/generators/mod_cgi.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)

diff --git a/modules/generators/mod_cgi.c b/modules/generators/mod_cgi.c
index bfb0a551bff..66116b599f5 100644
--- a/modules/generators/mod_cgi.c
+++ b/modules/generators/mod_cgi.c
@@ -352,11 +352,14 @@ static void cgi_child_errfn(apr_pool_t *pool, apr_status_t err,
     char errbuf[200];
 
     apr_file_open_stderr(&stderr_log, pool);
+    /* Escape the logged string because it may be something that
+     * came in over the network.
+     */
     apr_file_printf(stderr_log,
                     "(%d)%s: %s\n",
                     err,
                     apr_strerror(err, errbuf, sizeof(errbuf)),
-                    description);
+                    ap_escape_logitem(pool, description));
 }
 
 static apr_status_t run_cgi_child(apr_file_t **script_out,
-- 
2.47.2