httpd-dev mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From Daniel Lescohier <daniel.lescoh...@cbsi.com>
Subject Re: allow newlines in T_ESCAPE_LOGITEM?
Date Wed, 13 Apr 2016 21:05:41 GMT
Isn't T_ESCAPE_LOGITEM also used by mod_log_config's use of
ap_escape_logitem?  We rely on the API that data from HTTP requests that
are logged in our mod_log_config logfiles are newline-escaped, so that one
line in the logfile is parsed as one log entry.  Our parsers first split on
newline to get records, then splits the fields of the record on the field
delimiter to get fields, then it unescapes the backslash-escapes to get the
original data for that field.

On Wed, Apr 13, 2016 at 3:43 PM, Eric Covener <covener@gmail.com> wrote:

> Currently newlines get backslash-escaped if written to the errorlog.
> This is via server/gen_test_char.c and stems from an ancient vuln
> about escape sequences in log files potentially affecting peoples
> terminals when cat'ed.
>
> On a few occasions I have worked with some libraries that return a
> newline-formatted buffer that I'd love to dump to the error log
> without scanning and splitting up into multiple log entries.
>
> I also occasionally see \n's from third-party mods once in a while.
>
> Any opinions on punching a hole for \n in T_ESCAPE_LOGITEM?
>

Mime
View raw message