On Sat, Jan 03, 2004 at 04:31:32PM -0000, [EMAIL PROTECTED] wrote: > ben 2004/01/03 08:31:32 > > Modified: server gen_test_char.c > Log: > Make forensic logging safe for POST data. The issue with strchr and NUL is > a red herring.
I don't think this is a safe change: 0 is now flagged with T_ESCAPE_FORENSIC|T_ESCAPE_LOGITEM|T_HTTP_TOKEN_STOP|T_ESCAPE_SHELL_CMD. At least ap_find_token() assumes that 0 is not flagged with T_HTTP_TOKEN_STOP. > > Revision Changes Path > 1.19 +3 -7 httpd-2.0/server/gen_test_char.c > > Index: gen_test_char.c > =================================================================== > RCS file: /home/cvs/httpd-2.0/server/gen_test_char.c,v > retrieving revision 1.18 > retrieving revision 1.19 > diff -u -r1.18 -r1.19 > --- gen_test_char.c 3 Jan 2004 15:33:41 -0000 1.18 > +++ gen_test_char.c 3 Jan 2004 16:31:32 -0000 1.19 > @@ -90,8 +90,7 @@ > "#define T_ESCAPE_LOGITEM (%u)\n" > "#define T_ESCAPE_FORENSIC (%u)\n" > "\n" > - "static const unsigned char test_char_table[256] = {\n" > - " 0,", > + "static const unsigned char test_char_table[256] = {", > T_ESCAPE_SHELL_CMD, > T_ESCAPE_PATH_SEGMENT, > T_OS_ESCAPE_PATH, > @@ -99,10 +98,7 @@ > T_ESCAPE_LOGITEM, > T_ESCAPE_FORENSIC); > > - /* we explicitly dealt with NUL above > - * in case some strchr() do bogosity with it */ > - > - for (c = 1; c < 256; ++c) { > + for (c = 0; c < 256; ++c) { > flags = 0; > if (c % 20 == 0) > printf("\n "); > @@ -154,7 +150,7 @@ > * :, | (used as delimiters) and % (used for escaping). > */ > if (!apr_isprint(c) || c == ':' || c == '|' || c == '%' > - || apr_iscntrl(c)) { > + || apr_iscntrl(c) || !c) { > flags |= T_ESCAPE_FORENSIC; > } > > > >