← Back to branch summary

~ubuntu-branches/debian/wheezy/apache2/wheezy

« back to all changes in this revision

Viewing changes to modules/loggers/mod_log_config.c

  • Committer: Package Import Robot
  • Author(s): Stefan Fritsch, Stefan Fritsch, Arno Töll
  • Date: 2012-02-01 21:49:04 UTC
  • mfrom: (0.13.15)
  • Revision ID: package-import@ubuntu.com-20120201214904-nlchebp6wu7z55jw
Tags: 2.2.22-1
http://bugs.debian.org/653801
[ Stefan Fritsch ]
* New upstream release, urgency medium due to security fixes:
  - Fix CVE-2012-0021: mod_log_config: DoS with '%{cookiename}C' log format
  - Fix CVE-2012-0031: Unprivileged child process could cause the parent to
    crash at shutdown
  - Fix CVE-2012-0053: Exposure of "httpOnly" cookies in code 400 error
    message.
* Move httxt2dbm to apache2-utils
* Adjust debian/control to point to new git repository.

[ Arno Töll ]
* Fix "typo in /etc/apache2/apache2.conf" (Closes: #653801)

Show diffs side-by-side

added added

removed removed

Lines of Context:
modules/loggers/mod_log_config.c
524
524
 
525
525
        while ((cookie = apr_strtok(cookies, ";", &last1))) {
526
526
            char *name = apr_strtok(cookie, "=", &last2);
527
 
            char *value;
528
 
            apr_collapse_spaces(name, name);
529
 
 
530
 
            if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
531
 
                char *last;
532
 
                value += strspn(value, " \t");  /* Move past leading WS */
533
 
                last = value + strlen(value) - 1;
534
 
                while (last >= value && apr_isspace(*last)) {
535
 
                   *last = '\0';
536
 
                   --last;
 
527
            if (name) {
 
528
                char *value;
 
529
                apr_collapse_spaces(name, name);
 
530
 
 
531
                if (!strcasecmp(name, a) && (value = apr_strtok(NULL, "=", &last2))) {
 
532
                    char *last;
 
533
                    value += strspn(value, " \t");  /* Move past leading WS */
 
534
                    last = value + strlen(value) - 1;
 
535
                    while (last >= value && apr_isspace(*last)) {
 
536
                       *last = '\0';
 
537
                       --last;
 
538
                    }
 
539
 
 
540
                    return ap_escape_logitem(r->pool, value);
537
541
                }
538
 
 
539
 
                return ap_escape_logitem(r->pool, value);
540
542
            }
541
543
            cookies = NULL;
542
544
        }
1171
1173
        ap_log_set_writer_init(ap_buffered_log_writer_init);
1172
1174
        ap_log_set_writer(ap_buffered_log_writer);
1173
1175
    }
 
1176
    else {
 
1177
        ap_log_set_writer_init(ap_default_log_writer_init);
 
1178
        ap_log_set_writer(ap_default_log_writer);
 
1179
    }
1174
1180
    return NULL;
1175
1181
}
1176
1182
static const command_rec config_log_cmds[] =
1543
1549
        log_pfn_register(p, "R", log_handler, 1);
1544
1550
    }
1545
1551
 
 
1552
    /* reset to default conditions */
 
1553
    ap_log_set_writer_init(ap_default_log_writer_init);
 
1554
    ap_log_set_writer(ap_default_log_writer);
 
1555
    buffered_logs = 0;
 
1556
 
1546
1557
    return OK;
1547
1558
}
1548
1559