httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From stodd...@apache.org
Subject cvs commit: httpd-2.0/modules/generators mod_cgi.c
Date Tue, 24 Aug 2004 01:49:59 GMT
stoddard    2004/08/23 18:49:59

  Modified:    modules/generators mod_cgi.c
  Log:
  Escape bytes returned by the errfn because it might be from an untrusted source
  
  Revision  Changes    Path
  1.168     +4 -1      httpd-2.0/modules/generators/mod_cgi.c
  
  Index: mod_cgi.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/modules/generators/mod_cgi.c,v
  retrieving revision 1.167
  retrieving revision 1.168
  diff -u -r1.167 -r1.168
  --- mod_cgi.c	1 Aug 2004 01:12:30 -0000	1.167
  +++ mod_cgi.c	24 Aug 2004 01:49:59 -0000	1.168
  @@ -352,11 +352,14 @@
       char errbuf[200];
   
       apr_file_open_stderr(&stderr_log, pool);
  +    /* Escape the logged string because it may be something that
  +     * came in over the network.
  +     */
       apr_file_printf(stderr_log,
                       "(%d)%s: %s\n",
                       err,
                       apr_strerror(err, errbuf, sizeof(errbuf)),
  -                    description);
  +                    ap_escape_logitem(pool, description));
   }
   
   static apr_status_t run_cgi_child(apr_file_t **script_out,
  
  
  

Mime
View raw message