* mod_rewrite: Ensure that client data written to the RewriteLog is (a2abc64b) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP Apache Httpd

CHANGES

+5 −0

Original line number	Original line	Diff line number	Diff line
	-- coding: utf-8 --		-- coding: utf-8 --
	Changes with Apache 2.2.25		Changes with Apache 2.2.25

			*) SECURITY: CVE-2013-1862 (cve.mitre.org)
			mod_rewrite: Ensure that client data written to the RewriteLog is
			escaped to prevent terminal escape sequences from entering the
			log file. [Joe Orton]

	*) htdigest: Fix buffer overflow when reading digest password file		*) htdigest: Fix buffer overflow when reading digest password file
	with very long lines. PR 54893. [Rainer Jung]		with very long lines. PR 54893. [Rainer Jung]

+0 −6

Original line number	Original line	Diff line number	Diff line
	@@ -103,12 +103,6 @@ PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
	2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-quiet-fips.patch		2.2.x patch: http://people.apache.org/~wrowe/httpd-2.2-quiet-fips.patch
	+1: wrowe, druggeri, kbrand		+1: wrowe, druggeri, kbrand

	* mod_rewrite: fix CVE-2013-1862, escape log file output
	(not needed for trunk/2.4)
	2.2.x patch:
	http://people.apache.org/~jorton/mod_rewrite-CVE-2013-1862.patch
	+1: jorton, covener, rpluem

	PATCHES PROPOSED TO BACKPORT FROM TRUNK:		PATCHES PROPOSED TO BACKPORT FROM TRUNK:
	[ New proposals should be added at the end of the list ]		[ New proposals should be added at the end of the list ]

+5 −5

Original line number	Original line	Diff line number	Diff line
	@@ -500,11 +500,11 @@ static void do_rewritelog(request_rec r, int level, char perdir,

	logline = apr_psprintf(r->pool, "%s %s %s %s [%s/sid#%pp][rid#%pp/%s%s%s] "		logline = apr_psprintf(r->pool, "%s %s %s %s [%s/sid#%pp][rid#%pp/%s%s%s] "
	"(%d) %s%s%s%s" APR_EOL_STR,		"(%d) %s%s%s%s" APR_EOL_STR,
	rhost ? rhost : "UNKNOWN-HOST",		rhost ? ap_escape_logitem(r->pool, rhost) : "UNKNOWN-HOST",
	rname ? rname : "-",		rname ? ap_escape_logitem(r->pool, rname) : "-",
	r->user ? (*r->user ? r->user : "\"\"") : "-",		r->user ? (*r->user ? ap_escape_logitem(r->pool, r->user) : "\"\"") : "-",
	current_logtime(r),		current_logtime(r),
	ap_get_server_name(r),		ap_escape_logitem(r->pool, ap_get_server_name(r)),
	(void *)(r->server),		(void *)(r->server),
	(void *)r,		(void *)r,
	r->main ? "subreq" : "initial",		r->main ? "subreq" : "initial",
	@@ -514,7 +514,7 @@ static void do_rewritelog(request_rec r, int level, char perdir,
	perdir ? "[perdir " : "",		perdir ? "[perdir " : "",
	perdir ? perdir : "",		perdir ? perdir : "",
	perdir ? "] ": "",		perdir ? "] ": "",
	text);		ap_escape_logitem(r->pool, text));

	nbytes = strlen(logline);		nbytes = strlen(logline);
	apr_file_write(conf->rewritelogfp, logline, &nbytes);		apr_file_write(conf->rewritelogfp, logline, &nbytes);