author | William A. Rowe Jr <wrowe@apache.org> | 2002-10-02 23:35:57 +0200 |
---|---|---|
committer | William A. Rowe Jr <wrowe@apache.org> | 2002-10-02 23:35:57 +0200 |
commit | 01b99447729a3d43891997806106be6bec3637ff (patch) | |
tree | 3f8adf38e27b95bf79c9fa30519bff704a481397 /server | |
parent | Until we have a mechanism to allow PHP and others to 'raise their hand' (diff) | |
*) SECURITY: [CAN-2002-0840] HTML-escape the address produced by
ap_server_signature() against this cross-site scripting
vulnerability exposed by the directive 'UseCanonicalName Off'.
Also HTML-escape the SERVER_NAME environment variable for CGI
and SSI requests. It's safe to escape as only the '<', '>',
and '&' characters are affected, which won't appear in a valid
hostname. Reported by Matthew Murphy <mattmurphy@kc.rr.com>.
[Brian Pane]
git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@97064 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'server')
-rw-r--r-- | server/core.c | 7 | ||||
-rw-r--r-- | server/util_script.c | 3 |
2 files changed, 7 insertions, 3 deletions
diff --git a/server/core.c b/server/core.c
index 1d49f656ae..72925533a1 100644
--- a/server/core.c
+++ b/server/core.c
@@ -2240,12 +2240,15 @@ AP_DECLARE(const char *) ap_psignature(const char *prefix, request_rec *r)
 return apr_pstrcat(r->pool, prefix, "<address>" AP_SERVER_BASEVERSION " Server at <a href=\"mailto:", r->server->server_admin, "\">",
- ap_get_server_name(r), "</a> Port ", sport,
+ ap_escape_html(r->pool, ap_get_server_name(r)),
+ "</a> Port ", sport,
 "</address>\n", NULL);
 }
 return apr_pstrcat(r->pool, prefix, "<address>" AP_SERVER_BASEVERSION
- " Server at ", ap_get_server_name(r), " Port ", sport,
+ " Server at ",
+ ap_escape_html(r->pool, ap_get_server_name(r)),
+ " Port ", sport,
 "</address>\n", NULL);
 }
diff --git a/server/util_script.c b/server/util_script.c
index 00bd6ffd9f..75fd781350 100644
--- a/server/util_script.c
+++ b/server/util_script.c
@@ -266,7 +266,8 @@ AP_DECLARE(void) ap_add_common_vars(request_rec *r)
 apr_table_addn(e, "SERVER_SIGNATURE", ap_psignature("", r));
 apr_table_addn(e, "SERVER_SOFTWARE", ap_get_server_version());
- apr_table_addn(e, "SERVER_NAME", ap_get_server_name(r));
+ apr_table_addn(e, "SERVER_NAME",
+ ap_escape_html(r->pool, ap_get_server_name(r)));
 apr_table_addn(e, "SERVER_ADDR", r->connection->local_ip); /* Apache */
 apr_table_addn(e, "SERVER_PORT", apr_psprintf(r->pool, "%u", ap_get_server_port(r))); |
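Review bot: In the first `apr_pstrcat` call of ap_psignature, `r->server->server_admin` is still concatenated unencoded into the `href="mailto:..."` attribute, while the server name next to it is now escaped. That value presumably comes from configuration rather than from the request, so the exposure is lower, but it is the one remaining raw field in this markup. The commit description says the escape touches only `<`, `>` and `&`, so an attribute value would need quote-aware encoding rather than the same call. Neither call says why the name is escaped; a comment above the first one such as `/* server name can derive from the request when UseCanonicalName is Off; escape before embedding in HTML (CAN-2002-0840) */` would keep a later cleanup from removing it. The function begins above the hunk.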
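Review bot: Escaping `SERVER_NAME` at the point where it enters the environment table applies an HTML encoding to a value that CGI and SSI consumers may also use outside HTML (redirect targets, log lines, string comparisons), and a script that already encodes its own output will now encode it twice. Per the commit description only `<`, `>` and `&` are rewritten, so a script that places the variable inside a quoted attribute is not covered by this change. Rejecting request host names that contain characters invalid in a hostname would address the source rather than one output context, though the host-parsing code is not part of this diff, so that is a suggestion to check rather than a confirmed gap. At minimum the new lines should carry the contract, e.g. `/* HTML-escaped: the name can derive from the request when UseCanonicalName is Off (CAN-2002-0840) */`. ap_add_common_vars starts and ends outside the hunk.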