CVSROOT: /cvs Module name: src Changes by: [email protected] 2015/07/15 10:02:39
Modified files:
usr.sbin/httpd : server_http.c
Log message:
httpd don't sanitize variables before putting them in logs. It is possible for
an attacker to push arbitaries characters in logs (newline for forging entries,
or some control escaping interpreted by terminal emulator).
OK reyk@
