Diffstat (limited to 'www/apache/patches/patch-ar')
-rw-r--r-- | www/apache/patches/patch-ar | 75 |
1 files changed, 75 insertions, 0 deletions
diff --git a/www/apache/patches/patch-ar b/www/apache/patches/patch-ar
new file mode 100644
index 00000000000..5461b844597
--- /dev/null
+++ b/www/apache/patches/patch-ar
@@ -0,0 +1,75 @@
+$NetBSD: patch-ar,v 1.3 2004/04/07 19:53:27 reed Exp $
+SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the errorlog
+
+--- src/main/util.c.orig 2003-02-03 09:13:23.000000000 -0800
++++ src/main/util.c
+@@ -1520,6 +1520,69 @@ API_EXPORT(char *) ap_escape_logitem(poo
+ return ret;
+ }
+ 
++API_EXPORT(size_t) ap_escape_errorlog_item(char *dest, const char *source,
++ size_t buflen)
++{
++ unsigned char *d, *ep;
++ const unsigned char *s;
++
++ if (!source || !buflen) { /* be safe */
++ return 0;
++ }
++
++ d = (unsigned char *)dest;
++ s = (const unsigned char *)source;
++ ep = d + buflen - 1;
++
++ for (; d < ep && *s; ++s) {
++
++ if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) {
++ *d++ = '\\';
++ if (d >= ep) {
++ --d;
++ break;
++ }
++
++ switch(*s) {
++ case '\b':
++ *d++ = 'b';
++ break;
++ case '\n':
++ *d++ = 'n';
++ break;
++ case '\r':
++ *d++ = 'r';
++ break;
++ case '\t':
++ *d++ = 't';
++ break;
++ case '\v':
++ *d++ = 'v';
++ break;
++ case '\\':
++ *d++ = *s;
++ break;
++ case '"': /* no need for this in error log */
++ d[-1] = *s;
++ break;
++ default:
++ if (d >= ep - 2) {
++ ep = --d; /* break the for loop as well */
++ break;
++ }
++ c2x(*s, d);
++ *d = 'x';
++ d += 3;
++ }
++ }
++ else {
++ *d++ = *s;
++ }
++ }
++ *d = '\0';
++
++ return (d - (unsigned char *)dest);
++}
+ 
+ API_EXPORT(char *) ap_escape_shell_cmd(pool *p, const char *str)
+ { |
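Review bot: The early return `if (!source || !buflen)` in ap_escape_errorlog_item leaves `dest` untouched when `source` is NULL but `buflen` is non-zero, so a caller that presumably goes on to log the buffer reads whatever bytes were there before; writing `if (dest && buflen) *dest = '\0';` before the `return 0;` keeps the promise the `/* be safe */` comment makes. The return value is the number of bytes written excluding the terminator, and truncation is silent: the loop just stops once `d` reaches `ep`, and the `ep = --d` assignment in the `default:` case discards an already-written backslash, so a caller cannot distinguish a truncated result from a complete one without re-reading `source`. A header comment stating that return convention and that output is limited to `buflen - 1` bytes would spare the next reader from reconstructing it from the pointer arithmetic, and the `ep = --d` line deserves a more explicit note such as `/* no room for \xHH: drop the backslash and end the for loop */`.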