From wr...@apache.org
Subject cvs commit: httpd-2.0/server core.c util_script.c
Date Wed, 02 Oct 2002 21:35:57 GMT
wrowe       2002/10/02 14:35:57

  Modified:    .        CHANGES
               server   core.c util_script.c
  Log:
    *) SECURITY: [CAN-2002-0840] HTML-escape the address produced by
       ap_server_signature() against this cross-site scripting
       vulnerability exposed by the directive 'UseCanonicalName Off'.
       Also HTML-escape the SERVER_NAME environment variable for CGI
       and SSI requests.  It's safe to escape as only the '<', '>',
       and '&' characters are affected, which won't appear in a valid
       hostname.  Reported by Matthew Murphy <mattmurphy@kc.rr.com>.
       [Brian Pane]
  
  Revision  Changes    Path
  1.946     +11 -2     httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.945
  retrieving revision 1.946
  diff -u -r1.945 -r1.946
  --- CHANGES	2 Oct 2002 18:26:52 -0000	1.945
  +++ CHANGES	2 Oct 2002 21:35:56 -0000	1.946
  @@ -1,5 +1,14 @@
   Changes with Apache 2.0.43
   
  +  *) SECURITY: [CAN-2002-0840] HTML-escape the address produced by 
  +     ap_server_signature() against this cross-site scripting 
  +     vulnerability exposed by the directive 'UseCanonicalName Off'.  
  +     Also HTML-escape the SERVER_NAME environment variable for CGI 
  +     and SSI requests.  It's safe to escape as only the '<', '>', 
  +     and '&' characters are affected, which won't appear in a valid 
  +     hostname.  Reported by Matthew Murphy <mattmurphy@kc.rr.com>.
  +     [Brian Pane]
  +
     *) Fix a core dump in mod_cache when it attemtped to store uncopyable
        buckets. This happened, for instance, when a file to be cached
        contained SSI tags to execute a CGI script (passed as a pipe
  @@ -14,8 +23,8 @@
        could lead to an infinite loop.  PR 12705  
        [amund.elstad@ergo.no (Amund Elstad), Jeff Trawick]
   
  -  *) Allow POST requests and CGI scripts to work when DAV is enabled
  -     on the location.  [Ryan Bloom]
  +  *) SECURITY: Allow POST requests and CGI scripts to work when DAV 
  +     is enabled on the location.  [Ryan Bloom]
   
     *) Allow the UserDir directive to accept a list of directories.
        This matches what Apache 1.3 does.  Also add documentation for
  
  
  
  1.209     +5 -2      httpd-2.0/server/core.c
  
  Index: core.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/core.c,v
  retrieving revision 1.208
  retrieving revision 1.209
  diff -u -r1.208 -r1.209
  --- core.c	2 Oct 2002 21:32:01 -0000	1.208
  +++ core.c	2 Oct 2002 21:35:57 -0000	1.209
  @@ -2240,12 +2240,15 @@
           return apr_pstrcat(r->pool, prefix, "<address>" AP_SERVER_BASEVERSION
                              " Server at <a href=\"mailto:",
                              r->server->server_admin, "\">",
  -                           ap_get_server_name(r), "</a> Port ", sport,
  +                           ap_escape_html(r->pool, ap_get_server_name(r)),
  +                           "</a> Port ", sport,
                              "</address>\n", NULL);
       }
   
       return apr_pstrcat(r->pool, prefix, "<address>" AP_SERVER_BASEVERSION
  -                       " Server at ", ap_get_server_name(r), " Port ", sport,
  +                       " Server at ",
  +                       ap_escape_html(r->pool, ap_get_server_name(r)),
  +                       " Port ", sport,
                          "</address>\n", NULL);
   }
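Review bot: Both branches now build the identical `ap_escape_html(r->pool, ap_get_server_name(r))` expression (the lines replacing the old L77 and L84); computing it once into a local before the `if` — which, like the start of the enclosing function, lies outside this hunk — would keep the two outputs from drifting apart again. Nothing in the code records why the escape is needed, so a comment at that point would help: `/* Under UseCanonicalName Off the server name echoes the client's Host header; escape it before emitting it as HTML (CAN-2002-0840). */`. Escaping only '<', '>' and '&' is sufficient here because the name lands in element text on both branches, not inside an attribute. By contrast `r->server->server_admin` goes into the href unescaped and presumably relies on being administrator-supplied configuration rather than request data.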
   
  
  
  
  1.80      +2 -1      httpd-2.0/server/util_script.c
  
  Index: util_script.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/util_script.c,v
  retrieving revision 1.79
  retrieving revision 1.80
  diff -u -r1.79 -r1.80
  --- util_script.c	23 Jun 2002 06:15:03 -0000	1.79
  +++ util_script.c	2 Oct 2002 21:35:57 -0000	1.80
  @@ -266,7 +266,8 @@
   
       apr_table_addn(e, "SERVER_SIGNATURE", ap_psignature("", r));
       apr_table_addn(e, "SERVER_SOFTWARE", ap_get_server_version());
  -    apr_table_addn(e, "SERVER_NAME", ap_get_server_name(r));
  +    apr_table_addn(e, "SERVER_NAME",
  +                   ap_escape_html(r->pool, ap_get_server_name(r)));
       apr_table_addn(e, "SERVER_ADDR", r->connection->local_ip);	/* Apache */
       apr_table_addn(e, "SERVER_PORT",
   		  apr_psprintf(r->pool, "%u", ap_get_server_port(r)));
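Review bot: The escaped SERVER_NAME changes what CGI and SSI scripts observe for any name containing '<', '>' or '&', and the justification (those characters never occur in a valid hostname, so only a crafted Host header under UseCanonicalName Off is affected) lives only in the commit log; it belongs next to the new apr_table_addn so a later cleanup does not revert it. Suggested comment: `/* HTML-escape: with UseCanonicalName Off this can echo the client's Host header and scripts commonly emit SERVER_NAME unescaped; the escaped characters never appear in a valid hostname (CAN-2002-0840). */`. Scripts that echo other request-derived variables into HTML still have to escape those themselves; this change covers SERVER_NAME only. The enclosing function (presumably ap_add_common_vars) begins and ends outside this hunk.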
  
  
  
