Attachment #17068 for bug #50450

View | Details | Raw Unified | Return to bug 50450
Collapse All | Expand All

Lines 402-407 Link Here

(-)httpd-2.0.48.orig/server/log.c (-2 / +23 lines)
402	const char *fmt, va_list args)	360	const char *fmt, va_list args)
403	{	361	{
404	char errstr[MAX_STRING_LEN];	362	char errstr[MAX_STRING_LEN];
		363	#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
		364	char scratch[MAX_STRING_LEN];
		365	#endif
405	apr_size_t len, errstrlen;	366	apr_size_t len, errstrlen;
406	apr_file_t *logf = NULL;	367	apr_file_t *logf = NULL;
407	const char *referer;	368	const char *referer;
Lines 536-547 Link Here
536	errstr[len] = '\0';	497	errstr[len] = '\0';
537	}	498	}
538	}	499	}
		500
539	errstrlen = len;	501	errstrlen = len;
		502	#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
		503	if (apr_vsnprintf(scratch, MAX_STRING_LEN - len, fmt, args)) {
		504	len += ap_escape_errorlog_item(errstr + len, scratch,
		505	MAX_STRING_LEN - len);
		506	}
		507	#else
540	len += apr_vsnprintf(errstr + len, MAX_STRING_LEN - len, fmt, args);	508	len += apr_vsnprintf(errstr + len, MAX_STRING_LEN - len, fmt, args);
		509	#endif
541		510
542	if (r && (referer = apr_table_get(r->headers_in, "Referer"))) {	511	if ( r && (referer = apr_table_get(r->headers_in, "Referer"))
		512	#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
		513	&& ap_escape_errorlog_item(scratch, referer, MAX_STRING_LEN - len)
		514	#endif
		515	) {
543	len += apr_snprintf(errstr + len, MAX_STRING_LEN - len,	516	len += apr_snprintf(errstr + len, MAX_STRING_LEN - len,
544	", referer: %s", referer);	517	", referer: %s",
		518	#ifndef AP_UNSAFE_ERROR_LOG_UNESCAPED
		519	scratch
		520	#else
		521	referer
		522	#endif
		523	);
545	}	524	}
546		525
547	/* NULL if we are logging to syslog */	526	/* NULL if we are logging to syslog */




/**
 * Escape a string for logging
 * @param p The pool to allocate from
 * @param str The string to escape
 * @return The escaped string
 */
AP_DECLARE(char *) ap_escape_logitem(apr_pool_t *p, const char *str);

/**
 * Escape a string for logging into the error log (without a pool)
 * @param dest The buffer to write to
 * @param source The string to escape
 * @param buflen The buffer size for the escaped string (including \0)
 * @return The len of the escaped string (always < maxlen)
 */
AP_DECLARE(apr_size_t) ap_escape_errorlog_item(char *dest, const char *source,
                                               apr_size_t buflen);

/**
 * Construct a full hostname
 * @param p The pool to allocate from
 * @param hostname The hostname of the server




    return ret;
}

AP_DECLARE(apr_size_t) ap_escape_errorlog_item(char *dest, const char *source,
                                               apr_size_t buflen)
{
    unsigned char *d, *ep;
    const unsigned char *s;

    if (!source || !buflen) { /* be safe */
        return 0;
    }

    d = (unsigned char *)dest;
    s = (const unsigned char *)source;
    ep = d + buflen - 1;

    for (; d < ep && *s; ++s) {

        if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) {
            *d++ = '\\';
            if (d >= ep) {
                --d;
                break;
            }

            switch(*s) {
            case '\b':
                *d++ = 'b';
                break;
            case '\n':
                *d++ = 'n';
                break;
            case '\r':
                *d++ = 'r';
                break;
            case '\t':
                *d++ = 't';
                break;
            case '\v':
                *d++ = 'v';
                break;
            case '\\':
                *d++ = *s;
                break;
            case '"': /* no need for this in error log */
                d[-1] = *s;
                break;
            default:
                if (d >= ep - 2) {
                    ep = --d; /* break the for loop as well */
                    break;
                }
                c2x(*s, d);
                *d = 'x';
                d += 3;
            }
        }
        else {
            *d++ = *s;
        }
    }
    *d = '\0';

    return (d - (unsigned char *)dest);
}

AP_DECLARE(int) ap_is_directory(apr_pool_t *p, const char *path)
{
    apr_finfo_t finfo;

Return to bug 50450

Lines 1370-1381 Link Here

(-)httpd-2.0.48.orig/include/httpd.h (-1 / +11 lines)
1370	/**	1343	/**
1371	* Escape a string for logging	1344	* Escape a string for logging
1372	* @param p The pool to allocate from	1345	* @param p The pool to allocate from
1373	* @param s The string to escape	1346	* @param str The string to escape
1374	* @return The escaped string	1347	* @return The escaped string
1375	*/	1348	*/
1376	AP_DECLARE(char ) ap_escape_logitem(apr_pool_t p, const char *str);	1349	AP_DECLARE(char ) ap_escape_logitem(apr_pool_t p, const char *str);
1377		1350
1378	/**	1351	/**
		1352	* Escape a string for logging into the error log (without a pool)
		1353	* @param dest The buffer to write to
		1354	* @param source The string to escape
		1355	* @param buflen The buffer size for the escaped string (including \0)
		1356	* @return The len of the escaped string (always < maxlen)
		1357	*/
		1358	AP_DECLARE(apr_size_t) ap_escape_errorlog_item(char dest, const char source,
		1359	apr_size_t buflen);
		1360
		1361	/**
1379	* Construct a full hostname	1362	* Construct a full hostname
1380	* @param p The pool to allocate from	1363	* @param p The pool to allocate from
1381	* @param hostname The hostname of the server	1364	* @param hostname The hostname of the server

Lines 1837-1842 Link Here

(-)httpd-2.0.48.orig/server/util.c (+64 lines)
1837	return ret;	1794	return ret;
1838	}	1795	}
1839		1796
		1797	AP_DECLARE(apr_size_t) ap_escape_errorlog_item(char dest, const char source,
		1798	apr_size_t buflen)
		1799	{
		1800	unsigned char d, ep;
		1801	const unsigned char *s;
		1802
		1803	if (!source \|\| !buflen) { /* be safe */
		1804	return 0;
		1805	}
		1806
		1807	d = (unsigned char *)dest;
		1808	s = (const unsigned char *)source;
		1809	ep = d + buflen - 1;
		1810
		1811	for (; d < ep && *s; ++s) {
		1812
		1813	if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) {
		1814	*d++ = '\\';
		1815	if (d >= ep) {
		1816	--d;
		1817	break;
		1818	}
		1819
		1820	switch(*s) {
		1821	case '\b':
		1822	*d++ = 'b';
		1823	break;
		1824	case '\n':
		1825	*d++ = 'n';
		1826	break;
		1827	case '\r':
		1828	*d++ = 'r';
		1829	break;
		1830	case '\t':
		1831	*d++ = 't';
		1832	break;
		1833	case '\v':
		1834	*d++ = 'v';
		1835	break;
		1836	case '\\':
		1837	d++ = s;
		1838	break;
		1839	case '"': /* no need for this in error log */
		1840	d[-1] = *s;
		1841	break;
		1842	default:
		1843	if (d >= ep - 2) {
		1844	ep = --d; /* break the for loop as well */
		1845	break;
		1846	}
		1847	c2x(*s, d);
		1848	*d = 'x';
		1849	d += 3;
		1850	}
		1851	}
		1852	else {
		1853	d++ = s;
		1854	}
		1855	}
		1856	*d = '\0';
		1857
		1858	return (d - (unsigned char *)dest);
		1859	}
		1860
1840	AP_DECLARE(int) ap_is_directory(apr_pool_t p, const char path)	1861	AP_DECLARE(int) ap_is_directory(apr_pool_t p, const char path)
1841	{	1862	{
1842	apr_finfo_t finfo;	1863	apr_finfo_t finfo;