From n.@apache.org
Subject cvs commit: httpd-2.0/server gen_test_char.c util.c
Date Fri, 04 Apr 2003 01:07:34 GMT
nd          2003/04/03 17:07:34

  Modified:    .        Tag: APACHE_2_0_BRANCH CHANGES STATUS
               include  Tag: APACHE_2_0_BRANCH ap_mmn.h httpd.h
               modules/loggers Tag: APACHE_2_0_BRANCH mod_log_config.c
               server   Tag: APACHE_2_0_BRANCH gen_test_char.c util.c
  Log:
  Minor MMN bump (synchronized with 2.1).
  
  Forward port: Escape special characters (especially control
  characters) in mod_log_config to make a clear distinction between
  client-supplied strings (with special characters) and server-side
  strings. This was already introduced in version 1.3.25.
  
  Obtained from: Patch in 1.3.25-dev by Martin
  Reviewed by: Will Rowe, Jeff Trawick
  
  Revision  Changes    Path
  No                   revision
  
  
  No                   revision
  
  
  1.988.2.75 +6 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.988.2.74
  retrieving revision 1.988.2.75
  diff -u -r1.988.2.74 -r1.988.2.75
  --- CHANGES	4 Apr 2003 00:40:56 -0000	1.988.2.74
  +++ CHANGES	4 Apr 2003 01:07:31 -0000	1.988.2.75
  @@ -1,5 +1,11 @@
   Changes with Apache 2.0.46
   
  +  *) Forward port: Escape special characters (especially control
  +     characters) in mod_log_config to make a clear distinction between
  +     client-supplied strings (with special characters) and server-side
  +     strings. This was already introduced in version 1.3.25.
  +     [André Malo]
  +
     *) mod_deflate: Check also err_headers_out for an already set
        Content-Encoding: gzip header. This prevents gzip compressed content
        from a CGI script from being compressed once more. PR 17797.
  
  
  
  1.751.2.202 +1 -17     httpd-2.0/STATUS
  
  Index: STATUS
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/STATUS,v
  retrieving revision 1.751.2.201
  retrieving revision 1.751.2.202
  diff -u -r1.751.2.201 -r1.751.2.202
  --- STATUS	4 Apr 2003 00:40:57 -0000	1.751.2.201
  +++ STATUS	4 Apr 2003 01:07:32 -0000	1.751.2.202
  @@ -67,22 +67,6 @@
     [ please place file names and revisions from HEAD here, so it is easy to
       identify exactly what the proposed changes are! ]
   
  -    * Forward port: Escape special characters (especially control
  -      characters) in mod_log_config to make a clear distinction between
  -      client-supplied strings (with special characters) and server-side
  -      strings. This was already introduced in version 1.3.25.
  -      A ready-for-commit patch for 2.0 can be found under
  -      <http://cvs.apache.org/~nd/logescape.patch>. Rev.# of HEAD:
  -      include/ap_mmn.h: r1.57
  -      include/httpd.h: r1.196
  -      modules/loggers/mod_log_config.c: r1.100
  -      server/gen_test_char.c: r1.16
  -      server/util.c: r1.138
  -      +1: nd, wrowe (clean solution, mirrors our \0 escaping of %00), trawick
  -      +0: mod_log_config.c has another change which requires mod_log_config.h
  -         and a possible mmn bump
  -         nd: but not in 2.0. AFAICS the MMNs don't conflict.
  -
       * AllowEncodedSlashes patch to permit %2f in path-info.
         CHANGES r1.1038
         include/ap_mmn.h r1.54 (based on r1.53)
  
  
  
  No                   revision
  
  
  No                   revision
  
  
  1.52.2.2  +2 -1      httpd-2.0/include/ap_mmn.h
  
  Index: ap_mmn.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/include/ap_mmn.h,v
  retrieving revision 1.52.2.1
  retrieving revision 1.52.2.2
  diff -u -r1.52.2.1 -r1.52.2.2
  --- ap_mmn.h	3 Feb 2003 17:31:29 -0000	1.52.2.1
  +++ ap_mmn.h	4 Apr 2003 01:07:33 -0000	1.52.2.2
  @@ -111,6 +111,7 @@
    * 20020625 (2.0.40-dev) Changed conn_rec->keepalive to an enumeration
    * 20020628 (2.0.40-dev) Added filter_init to filter registration functions
    * 20020903 (2.0.41-dev) APR's error constants changed
  + * 20020903.2 (2.0.46-dev) add ap_escape_logitem (.1 is waiting for backport)
    */
   
   #define MODULE_MAGIC_COOKIE 0x41503230UL /* "AP20" */
  @@ -118,7 +119,7 @@
   #ifndef MODULE_MAGIC_NUMBER_MAJOR
   #define MODULE_MAGIC_NUMBER_MAJOR 20020903
   #endif
  -#define MODULE_MAGIC_NUMBER_MINOR 0                     /* 0...n */
  +#define MODULE_MAGIC_NUMBER_MINOR 2                     /* 0...n */
   
   /**
    * Determine if the server's current MODULE_MAGIC_NUMBER is at least a
  
  
  
  1.191.2.3 +8 -0      httpd-2.0/include/httpd.h
  
  Index: httpd.h
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/include/httpd.h,v
  retrieving revision 1.191.2.2
  retrieving revision 1.191.2.3
  diff -u -r1.191.2.2 -r1.191.2.3
  --- httpd.h	9 Mar 2003 00:27:16 -0000	1.191.2.2
  +++ httpd.h	4 Apr 2003 01:07:33 -0000	1.191.2.3
  @@ -1359,6 +1359,14 @@
   AP_DECLARE(char *) ap_escape_html(apr_pool_t *p, const char *s);
   
   /**
  + * Escape a string for logging
  + * @param p The pool to allocate from
  + * @param s The string to escape
  + * @return The escaped string
  + */
  +AP_DECLARE(char *) ap_escape_logitem(apr_pool_t *p, const char *str);
  +
  +/**
    * Construct a full hostname
    * @param p The pool to allocate from
    * @param hostname The hostname of the server
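Review bot: The doc comment added above `ap_escape_logitem` documents `@param s`, but the prototype names the parameter `str`, so generated API documentation will not match the declaration; it should read `@param str The string to escape`. The comment also leaves out two things a caller needs to know: the result is allocated from `p`, and, per the implementation added to server/util.c in this same commit, a NULL `str` yields NULL. I would change the return line to `@return The escaped string, allocated from p, or NULL if str is NULL`.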
  
  
  
  No                   revision
  
  
  No                   revision
  
  
  1.95.2.5  +31 -22    httpd-2.0/modules/loggers/mod_log_config.c
  
  Index: mod_log_config.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/loggers/mod_log_config.c,v
  retrieving revision 1.95.2.4
  retrieving revision 1.95.2.5
  diff -u -r1.95.2.4 -r1.95.2.5
  --- mod_log_config.c	20 Mar 2003 21:56:03 -0000	1.95.2.4
  +++ mod_log_config.c	4 Apr 2003 01:07:33 -0000	1.95.2.5
  @@ -333,8 +333,9 @@
   
   static const char *log_remote_host(request_rec *r, char *a)
   {
  -    return ap_get_remote_host(r->connection, r->per_dir_config,
  -                                    REMOTE_NAME, NULL);
  +    return ap_escape_logitem(r->pool, ap_get_remote_host(r->connection,
  +                                                         r->per_dir_config,
  +                                                         REMOTE_NAME, NULL));
   }
   
   static const char *log_remote_address(request_rec *r, char *a)
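Review bot: Escaping is applied by hand in each item handler, starting with `log_remote_host` here and repeated in the later hunks of this file, and nothing in the code states the rule. A handler added later can therefore return client-supplied bytes unescaped without it standing out in review. I would add a comment ahead of the handler functions such as `/* Any item that may carry client-supplied bytes must be returned through ap_escape_logitem(). */`. Handlers whose bodies fall outside the visible hunks, for example `log_remote_address` whose signature closes this hunk, cannot be checked from here and are worth a second look against that rule.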
  @@ -349,7 +350,7 @@
   
   static const char *log_remote_logname(request_rec *r, char *a)
   {
  -    return ap_get_remote_logname(r);
  +    return ap_escape_logitem(r->pool, ap_get_remote_logname(r));
   }
   
   static const char *log_remote_user(request_rec *r, char *a)
  @@ -362,6 +363,10 @@
       else if (strlen(rvalue) == 0) {
           rvalue = "\"\"";
       }
  +    else {
  +        rvalue = ap_escape_logitem(r->pool, rvalue);
  +    }
  +
       return rvalue;
   }
   
  @@ -372,33 +377,37 @@
        * (note the truncation before the protocol string for HTTP/0.9 requests)
        * (note also that r->the_request contains the unmodified request)
        */
  -    return (r->parsed_uri.password) 
  -                ? apr_pstrcat(r->pool, r->method, " ",
  -                              apr_uri_unparse(r->pool, &r->parsed_uri, 0),
  -                              r->assbackwards ? NULL : " ", r->protocol, NULL)
  -                : r->the_request;
  +    return ap_escape_logitem(r->pool,
  +                             (r->parsed_uri.password)
  +                               ? apr_pstrcat(r->pool, r->method, " ",
  +                                             apr_uri_unparse(r->pool,
  +                                                             &r->parsed_uri, 0),
  +                                             r->assbackwards ? NULL : " ",
  +                                             r->protocol, NULL)
  +                               : r->the_request);
   }
   
   static const char *log_request_file(request_rec *r, char *a)
   {
  -    return r->filename;
  +    return ap_escape_logitem(r->pool, r->filename);
   }
   static const char *log_request_uri(request_rec *r, char *a)
   {
  -    return r->uri;
  +    return ap_escape_logitem(r->pool, r->uri);
   }
   static const char *log_request_method(request_rec *r, char *a)
   {
  -    return r->method;
  +    return ap_escape_logitem(r->pool, r->method);
   }
   static const char *log_request_protocol(request_rec *r, char *a)
   {
  -    return r->protocol;
  +    return ap_escape_logitem(r->pool, r->protocol);
   }
   static const char *log_request_query(request_rec *r, char *a)
   {
  -    return (r->args != NULL) ? apr_pstrcat(r->pool, "?", r->args, NULL)
  -                             : "";
  +    return (r->args) ? apr_pstrcat(r->pool, "?",
  +                                   ap_escape_logitem(r->pool, r->args), NULL)
  +                     : "";
   }
   static const char *log_status(request_rec *r, char *a)
   {
  @@ -428,7 +437,7 @@
   
   static const char *log_header_in(request_rec *r, char *a)
   {
  -    return apr_table_get(r->headers_in, a);
  +    return ap_escape_logitem(r->pool, apr_table_get(r->headers_in, a));
   }
   
   static const char *log_header_out(request_rec *r, char *a)
  @@ -438,18 +447,18 @@
           cp = ap_field_noparam(r->pool, r->content_type);
       }
       if (cp) {
  -        return cp;
  +        return ap_escape_logitem(r->pool, cp);
       }
  -    return apr_table_get(r->err_headers_out, a);
  +    return ap_escape_logitem(r->pool, apr_table_get(r->err_headers_out, a));
   }
   
   static const char *log_note(request_rec *r, char *a)
   {
  -    return apr_table_get(r->notes, a);
  +    return ap_escape_logitem(r->pool, apr_table_get(r->notes, a));
   }
   static const char *log_env_var(request_rec *r, char *a)
   {
  -    return apr_table_get(r->subprocess_env, a);
  +    return ap_escape_logitem(r->pool, apr_table_get(r->subprocess_env, a));
   }
   
   static const char *log_cookie(request_rec *r, char *a)
  @@ -467,7 +476,7 @@
               if (end_cookie) {
                   *end_cookie = '\0';
               }
  -            return cookie;
  +            return ap_escape_logitem(r->pool, cookie);
           }
       }
       return NULL;
  @@ -585,7 +594,7 @@
    */
   static const char *log_virtual_host(request_rec *r, char *a)
   {
  -    return r->server->server_hostname;
  +    return ap_escape_logitem(r->pool, r->server->server_hostname);
   }
   
   static const char *log_server_port(request_rec *r, char *a)
  @@ -599,7 +608,7 @@
    */
   static const char *log_server_name(request_rec *r, char *a)
   {
  -    return ap_get_server_name(r);
  +    return ap_escape_logitem(r->pool, ap_get_server_name(r));
   }
   
   static const char *log_child_pid(request_rec *r, char *a)
  
  
  
  No                   revision
  
  
  No                   revision
  
  
  1.14.2.2  +13 -2     httpd-2.0/server/gen_test_char.c
  
  Index: gen_test_char.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/gen_test_char.c,v
  retrieving revision 1.14.2.1
  retrieving revision 1.14.2.2
  diff -u -r1.14.2.1 -r1.14.2.2
  --- gen_test_char.c	3 Feb 2003 17:32:00 -0000	1.14.2.1
  +++ gen_test_char.c	4 Apr 2003 01:07:33 -0000	1.14.2.2
  @@ -73,6 +73,7 @@
   #define T_ESCAPE_PATH_SEGMENT (0x02)
   #define T_OS_ESCAPE_PATH      (0x04)
   #define T_HTTP_TOKEN_STOP     (0x08)
  +#define T_ESCAPE_LOGITEM      (0x10)
   
   int main(int argc, char *argv[])
   {
  @@ -85,13 +86,15 @@
              "#define T_ESCAPE_PATH_SEGMENT  (%u)\n"
              "#define T_OS_ESCAPE_PATH       (%u)\n"
              "#define T_HTTP_TOKEN_STOP      (%u)\n"
  +           "#define T_ESCAPE_LOGITEM       (%u)\n"
              "\n"
              "static const unsigned char test_char_table[256] = {\n"
              "    0,",
              T_ESCAPE_SHELL_CMD,
              T_ESCAPE_PATH_SEGMENT,
              T_OS_ESCAPE_PATH,
  -           T_HTTP_TOKEN_STOP);
  +           T_HTTP_TOKEN_STOP,
  +           T_ESCAPE_LOGITEM);
   
       /* we explicitly dealt with NUL above
        * in case some strchr() do bogosity with it */
  @@ -135,8 +138,16 @@
               flags |= T_HTTP_TOKEN_STOP;
           }
   
  -        printf("%u%c", flags, (c < 255) ? ',' : ' ');
  +        /* For logging, escape all control characters,
  +         * double quotes (because they delimit the request in the log file)
  +         * backslashes (because we use backslash for escaping)
  +         * and 8-bit chars with the high bit set
  +         */
  +        if (!apr_isprint(c) || c == '"' || c == '\\' || apr_iscntrl(c)) {
  +            flags |= T_ESCAPE_LOGITEM;
  +        }
   
  +        printf("%u%c", flags, (c < 255) ? ',' : ' ');
       }
   
       printf("\n};\n");
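Review bot: In the added condition, `apr_iscntrl(c)` is redundant, because a control character already fails `apr_isprint(c)`; the test reduces to `if (!apr_isprint(c) || c == '"' || c == '\\') {`. The comment's promise that bytes with the high bit set are escaped holds only while the build host's character classification matches the C locale, since this table is generated at build time and `apr_isprint` presumably wraps the ctype routine. If that matters, an explicit range test such as `c < 0x20 || c >= 0x7f` states the intent without depending on ctype. The loop and the declaration of `c` are outside this hunk.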
  
  
  
  1.133.2.4 +52 -0     httpd-2.0/server/util.c
  
  Index: util.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/util.c,v
  retrieving revision 1.133.2.3
  retrieving revision 1.133.2.4
  diff -u -r1.133.2.3 -r1.133.2.4
  --- util.c	31 Mar 2003 04:55:25 -0000	1.133.2.3
  +++ util.c	4 Apr 2003 01:07:33 -0000	1.133.2.4
  @@ -1734,6 +1734,58 @@
       return x;
   }
   
  +AP_DECLARE(char *) ap_escape_logitem(apr_pool_t *p, const char *str)
  +{
  +    char *ret;
  +    unsigned char *d;
  +    const unsigned char *s;
  +
  +    if (!str) {
  +        return NULL;
  +    }
  +
  +    ret = apr_palloc(p, 4 * strlen(str) + 1); /* Be safe */
  +    d = (unsigned char *)ret;
  +    s = (const unsigned char *)str;
  +    for (; *s; ++s) {
  +
  +        if (TEST_CHAR(*s, T_ESCAPE_LOGITEM)) {
  +            *d++ = '\\';
  +            switch(*s) {
  +            case '\b':
  +                *d++ = 'b';
  +                break;
  +            case '\n':
  +                *d++ = 'n';
  +                break;
  +            case '\r':
  +                *d++ = 'r';
  +                break;
  +            case '\t':
  +                *d++ = 't';
  +                break;
  +            case '\v':
  +                *d++ = 'v';
  +                break;
  +            case '\\':
  +            case '"':
  +                *d++ = *s;
  +                break;
  +            default:
  +                c2x(*s, d);
  +                *d = 'x';
  +                d += 3;
  +            }
  +        }
  +        else {
  +            *d++ = *s;
  +        }
  +    }
  +    *d = '\0';
  +
  +    return ret;
  +}
  +
   AP_DECLARE(int) ap_is_directory(apr_pool_t *p, const char *path)
   {
       apr_finfo_t finfo;
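Review bot: The `/* Be safe */` comment on the `apr_palloc` call does not say why the factor is 4, and the buffer is exactly as large as the worst case, so the reasoning should be written down: every input byte expands to at most the four bytes `\xHH`. I would replace it with `/* worst case: every byte becomes \xHH (4 bytes), plus the NUL */`. The default branch also relies on `c2x`, defined outside this hunk, writing exactly three bytes at `d` with a prefix character in `d[0]` that `*d = 'x'` then overwrites. A one-line comment there, `/* c2x wrote a prefix and two hex digits; replace the prefix with 'x' */`, would keep a later change to `c2x` from silently writing past the allocation.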
  
  
  
