fielding 00/02/07 16:34:44
Modified: src/main http_protocol.c src/modules/proxy proxy_util.c Log: Fix a few more cases where we were not properly html_escaping text for error-notes that came from the untrusted client request. Revision Changes Path 1.288 +2 -2 apache-1.3/src/main/http_protocol.c Index: http_protocol.c =================================================================== RCS file: /home/cvs/apache-1.3/src/main/http_protocol.c,v retrieving revision 1.287 retrieving revision 1.288 diff -u -r1.287 -r1.288 --- http_protocol.c 2000/02/02 20:43:50 1.287 +++ http_protocol.c 2000/02/08 00:34:36 1.288 @@ -958,7 +958,7 @@ r->status = HTTP_BAD_REQUEST; ap_table_setn(r->notes, "error-notes", ap_pstrcat(r->pool, "Size of a request header field exceeds server limit.<P>\n" - "<PRE>\n", field, "</PRE>\n", NULL)); + "<PRE>\n", ap_escape_html(r->pool, field), "</PRE>\n", NULL)); return; } copy = ap_palloc(r->pool, len + 1); @@ -968,7 +968,7 @@ r->status = HTTP_BAD_REQUEST; /* or abort the bad request */ ap_table_setn(r->notes, "error-notes", ap_pstrcat(r->pool, "Request header field is missing colon separator.<P>\n" - "<PRE>\n", copy, "</PRE>\n", NULL)); + "<PRE>\n", ap_escape_html(r->pool, copy), "</PRE>\n", NULL)); return; } 1.85 +3 -2 apache-1.3/src/modules/proxy/proxy_util.c Index: proxy_util.c =================================================================== RCS file: /home/cvs/apache-1.3/src/modules/proxy/proxy_util.c,v retrieving revision 1.84 retrieving revision 1.85 diff -u -r1.84 -r1.85 --- proxy_util.c 2000/02/02 20:43:57 1.84 +++ proxy_util.c 2000/02/08 00:34:40 1.85 @@ -845,13 +845,14 @@ ap_pstrcat(r->pool, "The proxy server could not handle the request " "<EM><A HREF=\"", ap_escape_uri(r->pool, r->uri), - "\">", r->method, " ", + "\">", ap_escape_html(r->pool, r->method), + " ", ap_escape_html(r->pool, r->uri), "</A></EM>.<P>\n" "Reason: <STRONG>", ap_escape_html(r->pool, message), "</STRONG>", NULL)); - /* Allow the "error-notes" string to be printed by ap_send_error_response() */ + /* Allow "error-notes" string to be printed by ap_send_error_response() */ ap_table_setn(r->notes, "verbose-error-to", ap_pstrdup(r->pool, "*")); r->status_line = ap_psprintf(r->pool, "%3.3u Proxy Error", statuscode);