Overview

File CVE-2024-47252.patch of Package apache2.39827

From c01e60707048be14a510f0a92128a5227923215c Mon Sep 17 00:00:00 2001
From: Eric Covener <covener@apache.org>
Date: Mon, 7 Jul 2025 12:03:42 +0000
Subject: [PATCH] backport 1927034 from trunk

  escape ssl vars

Reviewed By: rpluem, jorton, covener, ylavic



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1927042 13f79535-47bb-0310-9956-ffa450edef68
---
 modules/ssl/ssl_engine_vars.c | 10 ++++++----
 1 file changed, 6 insertions(+), 4 deletions(-)

diff --git a/modules/ssl/ssl_engine_vars.c b/modules/ssl/ssl_engine_vars.c
index 418d849e00e..4060c0f6a63 100644
--- a/modules/ssl/ssl_engine_vars.c
+++ b/modules/ssl/ssl_engine_vars.c
@@ -1208,8 +1208,9 @@ static const char *ssl_var_log_handler_c(request_rec *r, char *a)
         result = "-";
     else if (strEQ(a, "errstr"))
         result = (char *)sslconn->verify_error;
-    if (result != NULL && result[0] == NUL)
-        result = NULL;
+    if (result) {
+        result = *result ? ap_escape_logitem(r->pool, result) : NULL;
+    }
     return result;
 }
 
@@ -1222,8 +1223,9 @@ static const char *ssl_var_log_handler_x(request_rec *r, char *a)
     char *result;
 
     result = ssl_var_lookup(r->pool, r->server, r->connection, r, a);
-    if (result != NULL && result[0] == NUL)
-        result = NULL;
+    if (result) {
+        result = *result ? ap_escape_logitem(r->pool, result) : NULL;
+    }
     return result;
 }
openSUSE Build Service is sponsored by
Places