> Stas, we have closed a well known and remotely exploitable security leak. This > goes straight over comfort. If you don't like it, provide an alternative > solution. Just nagging or trying to talk the problem away doesn't help.
is creating a compile-time flag to disable the new-default behavior a simple solution that might make everyone happy? --Geoff
Index: server/main.c =================================================================== RCS file: /home/cvspublic/httpd-2.0/server/main.c,v retrieving revision 1.152 diff -u -r1.152 main.c --- server/main.c 5 Jan 2004 10:37:25 -0000 1.152 +++ server/main.c 7 Jan 2004 20:29:43 -0000 @@ -277,6 +277,10 @@ #ifdef SERVER_CONFIG_FILE printf(" -D SERVER_CONFIG_FILE=\"" SERVER_CONFIG_FILE "\"\n"); #endif + +#ifdef UNESCAPED_ERROR_LOG + printf(" -D UNESCAPED_ERROR_LOG\n"); +#endif } static void destroy_and_exit_process(process_rec *process, Index: server/log.c =================================================================== RCS file: /home/cvspublic/httpd-2.0/server/log.c,v retrieving revision 1.138 diff -u -r1.138 log.c --- server/log.c 1 Jan 2004 13:26:23 -0000 1.138 +++ server/log.c 7 Jan 2004 20:29:44 -0000 @@ -402,7 +402,7 @@ const request_rec *r, apr_pool_t *pool, const char *fmt, va_list args) { - char errstr[MAX_STRING_LEN], scratch[MAX_STRING_LEN]; + char errstr[MAX_STRING_LEN]; apr_size_t len, errstrlen; apr_file_t *logf = NULL; const char *referer; @@ -539,16 +539,27 @@ } errstrlen = len; +#ifdef UNESCAPED_ERROR_LOG + len += apr_vsnprintf(errstr + len, MAX_STRING_LEN - len, fmt, args); + + if (r && (referer = apr_table_get(r->headers_in, "Referer"))) { + len += apr_snprintf(errstr + len, MAX_STRING_LEN - len, + ", referer: %s", referer); + } +#else if (apr_vsnprintf(scratch, MAX_STRING_LEN - len, fmt, args)) { + char scratch[MAX_STRING_LEN]; len += ap_escape_errorlog_item(errstr + len, scratch, MAX_STRING_LEN - len); } if ( r && (referer = apr_table_get(r->headers_in, "Referer")) && ap_escape_errorlog_item(scratch, referer, MAX_STRING_LEN - len)) { + char scratch[MAX_STRING_LEN]; len += apr_snprintf(errstr + len, MAX_STRING_LEN - len, ", referer: %s", scratch); } +#endif /* NULL if we are logging to syslog */ if (logf) {