httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From wr...@apache.org
Subject svn commit: r1497018 - in /httpd/httpd/branches/2.0.x: CHANGES STATUS modules/mappers/mod_rewrite.c
Date Wed, 26 Jun 2013 17:36:15 GMT
Author: wrowe
Date: Wed Jun 26 17:36:15 2013
New Revision: 1497018

URL: http://svn.apache.org/r1497018
Log:
mod_rewrite: (CVE-2013-1862 (cve.mitre.org)) Ensure that client data
written to the RewriteLog is escaped to prevent terminal escape sequences
from entering the log file.

Backports: r1482349
Submitted by: jorton
Reviewed by: wrowe, covener, trawick


Modified:
    httpd/httpd/branches/2.0.x/CHANGES
    httpd/httpd/branches/2.0.x/STATUS
    httpd/httpd/branches/2.0.x/modules/mappers/mod_rewrite.c

Modified: httpd/httpd/branches/2.0.x/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/CHANGES?rev=1497018&r1=1497017&r2=1497018&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/CHANGES [utf-8] (original)
+++ httpd/httpd/branches/2.0.x/CHANGES [utf-8] Wed Jun 26 17:36:15 2013
@@ -1,6 +1,11 @@
                                                          -*- coding: utf-8 -*-
 Changes with Apache 2.0.65
 
+  *) SECURITY: CVE-2013-1862 (cve.mitre.org)
+     mod_rewrite: Ensure that client data written to the RewriteLog is
+     escaped to prevent terminal escape sequences from entering the
+     log file.  [Joe Orton]
+
   *) SECURITY: CVE-2012-0053 (cve.mitre.org)
      Fix an issue in error responses that could expose "httpOnly" cookies
      when no custom ErrorDocument is specified for status code 400.

Modified: httpd/httpd/branches/2.0.x/STATUS
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/STATUS?rev=1497018&r1=1497017&r2=1497018&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/STATUS (original)
+++ httpd/httpd/branches/2.0.x/STATUS Wed Jun 26 17:36:15 2013
@@ -118,12 +118,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   * mod_rewrite: (CVE-2013-1862 (cve.mitre.org)) Ensure that client data
-     written to the RewriteLog is escaped to prevent terminal escape sequences
-     from entering the log file. [Joe Orton]
-     http://svn.apache.org/viewvc?view=revision&revision=1482349
-     2.0.x: http://people.apache.org/~covener/patches/2.0.x-rewritelog.diff 
-     +1: wrowe, covener, trawick
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ please place SVN revisions from trunk here, so it is easy to

Modified: httpd/httpd/branches/2.0.x/modules/mappers/mod_rewrite.c
URL: http://svn.apache.org/viewvc/httpd/httpd/branches/2.0.x/modules/mappers/mod_rewrite.c?rev=1497018&r1=1497017&r2=1497018&view=diff
==============================================================================
--- httpd/httpd/branches/2.0.x/modules/mappers/mod_rewrite.c (original)
+++ httpd/httpd/branches/2.0.x/modules/mappers/mod_rewrite.c Wed Jun 26 17:36:15 2013
@@ -3599,10 +3599,11 @@ static void rewritelog(request_rec *r, i
         rhost = "UNKNOWN-HOST";
     }
 
-    str1 = apr_pstrcat(r->pool, rhost, " ",
-                      (conn->remote_logname != NULL ?
-                      conn->remote_logname : "-"), " ",
-                      ruser, NULL);
+    str1 = apr_pstrcat(r->pool, ap_escape_logitem(r->pool, rhost), " ",
+                       (conn->remote_logname != NULL
+                            ? ap_escape_logitem(r->pool, conn->remote_logname)
+                            : "-"),
+                       " ", ap_escape_logitem(r->pool, ruser), NULL);
     apr_vsnprintf(str2, sizeof(str2), text, ap);
 
     if (r->main == NULL) {
@@ -3624,9 +3625,10 @@ static void rewritelog(request_rec *r, i
 
     apr_snprintf(str3, sizeof(str3),
                 "%s %s [%s/sid#%lx][rid#%lx/%s%s] (%d) %s" APR_EOL_STR, str1,
-                current_logtime(r), ap_get_server_name(r),
+                current_logtime(r),
+                ap_escape_logitem(r->pool, ap_get_server_name(r)),
                 (unsigned long)(r->server), (unsigned long)r,
-                type, redir, level, str2);
+                type, redir, level, ap_escape_logitem(r->pool, str2));
 
     rv = apr_global_mutex_lock(rewrite_log_lock);
     if (rv != APR_SUCCESS) {



Mime
View raw message