nd 2003/12/14 10:16:50
Modified: src CHANGES src/include ap_mmn.h httpd.h src/main http_log.c util.c Log: SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog. Index: http_log.c =================================================================== RCS file: /home/cvs/apache-1.3/src/main/http_log.c,v retrieving revision 1.96 retrieving revision 1.97 diff -u -u -r1.96 -r1.97 --- http_log.c 3 Feb 2003 17:13:21 -0000 1.96 +++ http_log.c 14 Dec 2003 18:16:50 -0000 1.97 @@ -313,7 +313,7 @@ const server_rec *s, const request_rec *r, const char *fmt, va_list args) { - char errstr[MAX_STRING_LEN]; + char errstr[MAX_STRING_LEN], scratch[MAX_STRING_LEN];
Surely scratch and errstr should be MAX_STRING_LEN*4?
+ default:
+ if (d >= ep - 2) {
+ ep = --d; /* break the for loop as well */
+ break;
+ }
+ c2x(*s, d);
Am I being dim? Shouldn't this be c2x(*s,d+1)?
+ *d = 'x';
+ d += 3;
+ }
+ }
+ else {
+ *d++ = *s;
+ }
+ }
+ *d = '\0';
+
+ return (d - (unsigned char *)dest);
+}
Cheers,
Ben.
-- http://www.apache-ssl.org/ben.html http://www.thebunker.net/
"There is no limit to what a man can do or how far he can go if he doesn't mind who gets the credit." - Robert Woodruff
