Diffstat (limited to 'www/apache/patches/patch-ar')
-rw-r--r--www/apache/patches/patch-ar75
1 files changed, 75 insertions, 0 deletions
diff --git a/www/apache/patches/patch-ar b/www/apache/patches/patch-ar
new file mode 100644
index 00000000000..5461b844597
--- /dev/null
+++ b/www/apache/patches/patch-ar
@@ -0,0 +1,75 @@
+$NetBSD: patch-ar,v 1.3 2004/04/07 19:53:27 reed Exp $
+SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog
+
+--- src/main/util.c.orig 2003-02-03 09:13:23.000000000 -0800
++++ src/main/util.c
+@@ -1520,6 +1520,69 @@ API_EXPORT(char *) ap_escape_logitem(poo
+ return ret;
+ }
+
++API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source,
++ size_t buflen)
++{
++ unsigned char *d, *ep;
++ const unsigned char *s;
++
++ if (!source || !buflen) { /* be safe */
++ return 0;
++ }
++
++ d = (unsigned char *)dest;
++ s = (const unsigned char *)source;
++ ep = d + buflen - 1;
++
++ for (; d < ep && *s; ++s) {
++
++ if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) {
++ *d++ = '\\';
++ if (d >= ep) {
++ --d;
++ break;
++ }
++
++ switch(*s) {
++ case '\b':
++ *d++ = 'b';
++ break;
++ case '\n':
++ *d++ = 'n';
++ break;
++ case '\r':
++ *d++ = 'r';
++ break;
++ case '\t':
++ *d++ = 't';
++ break;
++ case '\v':
++ *d++ = 'v';
++ break;
++ case '\\':
++ *d++ = *s;
++ break;
++ case '"': /* no need for this in error log */
++ d[-1] = *s;
++ break;
++ default:
++ if (d >= ep - 2) {
++ ep = --d; /* break the for loop as well */
++ break;
++ }
++ c2x(*s, d);
++ *d = 'x';
++ d += 3;
++ }
++ }
++ else {
++ *d++ = *s;
++ }
++ }
++ *d = '\0';
++
++ return (d - (unsigned char *)dest);
++}
+
+ API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *str)
+ {
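Review bot: In ap_escape_errorlog_item the `!source || !buflen` early return gives back 0 without writing to dest, so when source is NULL and buflen is non-zero the caller's buffer is left unterminated, while every other path ends with `*d = '\0'`. Splitting the guard into `if (!buflen) return 0;` followed by `if (!source) { *dest = '\0'; return 0; }` would keep the terminator guarantee uniform for any caller that reads dest as a string instead of relying on the returned length. The default branch also needs a comment: c2x is not visible in this hunk, but it presumably emits a three-byte `%HH`, and `*d = 'x'` then rewrites the `%` so the log shows `\xHH`; something like `/* c2x writes "%HH"; overwrite '%' to get \xHH */` would make that clear. A short header comment should state that buflen counts the terminator, the return value excludes it, and truncation silently drops a partial escape sequence, since the error-log caller depends on exactly those properties.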