httpd-cvs mailing list archives

From Ben Laurie <...@algroup.co.uk>
Subject Re: cvs commit: apache-1.3/src/main http_log.c util.c
Date Mon, 15 Dec 2003 14:07:23 GMT
nd@apache.org wrote:
> nd          2003/12/14 10:16:50
> 
>   Modified:    src      CHANGES
>                src/include ap_mmn.h httpd.h
>                src/main http_log.c util.c
>   Log:
>   SECURITY [CAN-2003-0020]: escape arbitrary data before writing into the
>     errorlog.
>   Index: http_log.c
>   ===================================================================
>   RCS file: /home/cvs/apache-1.3/src/main/http_log.c,v
>   retrieving revision 1.96
>   retrieving revision 1.97
>   diff -u -u -r1.96 -r1.97
>   --- http_log.c	3 Feb 2003 17:13:21 -0000	1.96
>   +++ http_log.c	14 Dec 2003 18:16:50 -0000	1.97
>   @@ -313,7 +313,7 @@
>    			   const server_rec *s, const request_rec *r,
>    			   const char *fmt, va_list args)
>    {
>   -    char errstr[MAX_STRING_LEN];
>   +    char errstr[MAX_STRING_LEN], scratch[MAX_STRING_LEN];
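
Review bot: `scratch[MAX_STRING_LEN]` gives the escaped copy the same capacity as the unescaped `errstr`, but the escaping introduced by this commit expands some input bytes to several output bytes (the `default:` case alone advances `d` by 3 for a single input byte), so a near-full `errstr` cannot be escaped into `scratch` without truncation. Either size the destination for the worst-case expansion or state in a comment that truncating escaped log lines is the accepted trade-off.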

Surely scratch and errstr should be MAX_STRING_LEN*4?

>   +            default:
>   +                if (d >= ep - 2) {
>   +                    ep = --d; /* break the for loop as well */
>   +                    break;
>   +                }
>   +                c2x(*s, d);
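
Review bot: the sequence `c2x(*s, d); *d = 'x'; d += 3;` is correct only if `c2x` writes exactly three bytes at `d` whose first byte is a placeholder meant to be overwritten by `'x'`; as written, the store to `*d` reads like an off-by-one (writing at `d` instead of `d + 1`), which is exactly the question this hunk will raise for anyone reading it. Add a one-line comment saying that `c2x` emits a three-byte prefixed hex form and that the prefix byte is replaced here, or use a small helper that writes `xHH` directly. The guard `if (d >= ep - 2)` does reserve those three bytes, but `ep = --d` both truncates the output and backs `d` over a byte already written, and the comment `/* break the for loop as well */` only describes the first half of that.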

Am I being dim? Shouldn't this be c2x(*s,d+1)?

>   +                *d = 'x';
>   +                d += 3;
>   +            }
>   +        }
>   +        else {
>   +            *d++ = *s;
>   +        }
>   +    }
>   +    *d = '\0';
>   +
>   +    return (d - (unsigned char *)dest);
>   +}
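
Review bot: the return value `d - (unsigned char *)dest` tells callers the length of the escaped string but gives them no way to tell a truncated result from a complete one; truncation only shows up as the early `break` in the `default:` case and in the loop bound. Document that the result may be silently cut short, or, since the purpose is to keep untrusted bytes out of the log, consider appending a visible marker on truncation so a shortened line is not mistaken for the whole message. The trailing `*d = '\0'` also relies on the loop stopping at least one byte before the end of the buffer, an invariant established outside this hunk; a comment at the function head stating it would make the contract explicit.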

Cheers,

Ben.

-- 
http://www.apache-ssl.org/ben.html       http://www.thebunker.net/

"There is no limit to what a man can do or how far he can go if he
doesn't mind who gets the credit." - Robert Woodruff
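The commit under discussion addresses the buffer-sizing and escape-encoding questions raised above. The following is an added example, written for this page and not Apache's own code: an independent error-log escaping routine that sizes its output for the worst-case four-byte expansion (`\xHH` per input byte), never splits an escape sequence when it runs out of room, and reports truncation explicitly instead of leaving the caller to guess. The escaping policy in `needs_escape`, the function names, and the sample request line are all assumptions made for the example; Apache uses its own character table and its `c2x` helper.

```c
#include <stdio.h>
#include <string.h>
#include <stddef.h>

/* Worst-case expansion: any input byte can become "\xHH" (4 bytes). */
#define LOG_ESCAPE_MAX_EXPANSION 4

/* Hypothetical policy (not Apache's T_ESCAPE_LOGITEM table): escape control
 * characters, DEL, non-ASCII bytes and the backslash itself, so that nothing
 * in the log can start a new line or carry a terminal control sequence. */
static int needs_escape(unsigned char c)
{
    return c < 0x20 || c == 0x7f || c >= 0x80 || c == '\\';
}

/* Escape `src` into `dst` (capacity `dstlen`; always NUL-terminated).
 * Returns the number of bytes written, excluding the NUL. Sets *truncated
 * when the output did not fit; an escape sequence is never emitted partially. */
size_t escape_log_item(char *dst, size_t dstlen, const char *src, int *truncated)
{
    static const char hex[] = "0123456789abcdef";
    size_t o = 0;

    if (truncated) *truncated = 0;
    if (dstlen == 0) { if (truncated) *truncated = 1; return 0; }

    for (const unsigned char *s = (const unsigned char *)src; *s; ++s) {
        char buf[LOG_ESCAPE_MAX_EXPANSION];   /* staging area for one sequence */
        size_t n;

        if (!needs_escape(*s)) {
            buf[0] = (char)*s; n = 1;
        } else {
            buf[0] = '\\';
            switch (*s) {
            case '\n': buf[1] = 'n';  n = 2; break;
            case '\r': buf[1] = 'r';  n = 2; break;
            case '\t': buf[1] = 't';  n = 2; break;
            case '\\': buf[1] = '\\'; n = 2; break;
            default:   /* generic byte: write "\xHH" directly, no prefix overwrite */
                buf[1] = 'x';
                buf[2] = hex[*s >> 4];
                buf[3] = hex[*s & 0x0f];
                n = 4;
            }
        }
        /* Reserve one byte for the terminator; refuse to emit a partial sequence. */
        if (o + n > dstlen - 1) {
            if (truncated) *truncated = 1;
            break;
        }
        memcpy(dst + o, buf, n);
        o += n;
    }
    dst[o] = '\0';
    return o;
}

/* Output capacity that guarantees no truncation for an input of `inlen` bytes. */
size_t escape_log_item_capacity(size_t inlen)
{
    return inlen * LOG_ESCAPE_MAX_EXPANSION + 1;
}

/* Check helper: escape `src` into a buffer of `cap` bytes and compare the
 * result, its length and the truncation flag against the expected values. */
int escape_check(const char *src, size_t cap, const char *expected, int expected_trunc)
{
    char buf[64];
    int trunc;
    size_t n;

    if (cap > sizeof buf) return 0;
    n = escape_log_item(buf, cap, src, &trunc);
    return n == strlen(expected) && strcmp(buf, expected) == 0 && trunc == expected_trunc;
}

int main(void)
{
    /* Constructed sample: a request path carrying CR/LF and an ESC byte, the
     * kind of input that would otherwise start a fake log line or drive the
     * terminal of whoever views the log. */
    const char sample[] = "GET /index.html\r\n[notice] injected text \x1b[2J";
    char out[sizeof(sample) * LOG_ESCAPE_MAX_EXPANSION + 1];
    int trunc;
    size_t n = escape_log_item(out, sizeof out, sample, &trunc);

    printf("%s (%zu bytes, truncated=%d)\n", out, n, trunc);
    return 0;
}
```

Building each sequence in a four-byte staging buffer keeps the bounds check identical for every case (plain byte, two-byte escape, `\xHH`), which avoids the prefix-overwrite trick and the special-cased `ep = --d` truncation path in the quoted hunk; the `escape_log_item_capacity` helper is what a caller should use to size the destination instead of reusing the source buffer's length.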
