File httpd-2.2.x-bnc806458-mod_info_ap_get_server_name-xss.diff of Package apache2.1524
diff -rNU 30 ../httpd-2.2.12-o/modules/generators/mod_info.c ./modules/generators/mod_info.c
--- ../httpd-2.2.12-o/modules/generators/mod_info.c 2009-07-10 14:18:07.000000000 +0200
+++ ./modules/generators/mod_info.c 2013-03-27 09:49:12.000000000 +0100
@@ -344,61 +344,61 @@
server_rec *serv = r->server;
int max_daemons, forked, threaded;
ap_rputs("<h2><a name=\"server\">Server Settings</a></h2>", r);
ap_rprintf(r,
"<dl><dt><strong>Server Version:</strong> "
"<font size=\"+1\"><tt>%s</tt></font></dt>\n",
ap_get_server_description());
ap_rprintf(r,
"<dt><strong>Server Built:</strong> "
"<font size=\"+1\"><tt>%s</tt></font></dt>\n",
ap_get_server_built());
ap_rprintf(r,
"<dt><strong>Server loaded APR Version:</strong> "
"<tt>%s</tt></dt>\n", apr_version_string());
ap_rprintf(r,
"<dt><strong>Compiled with APR Version:</strong> "
"<tt>%s</tt></dt>\n", APR_VERSION_STRING);
ap_rprintf(r,
"<dt><strong>Server loaded APU Version:</strong> "
"<tt>%s</tt></dt>\n", apu_version_string());
ap_rprintf(r,
"<dt><strong>Compiled with APU Version:</strong> "
"<tt>%s</tt></dt>\n", APU_VERSION_STRING);
ap_rprintf(r,
"<dt><strong>Module Magic Number:</strong> "
"<tt>%d:%d</tt></dt>\n", MODULE_MAGIC_NUMBER_MAJOR,
MODULE_MAGIC_NUMBER_MINOR);
ap_rprintf(r,
"<dt><strong>Hostname/port:</strong> "
- "<tt>%s:%u</tt></dt>\n", ap_get_server_name(r),
+ "<tt>%s:%u</tt></dt>\n", ap_escape_html(r->pool, ap_get_server_name(r)),
ap_get_server_port(r));
ap_rprintf(r,
"<dt><strong>Timeouts:</strong> "
"<tt>connection: %d "
"keep-alive: %d</tt></dt>",
(int) (apr_time_sec(serv->timeout)),
(int) (apr_time_sec(serv->keep_alive_timeout)));
ap_mpm_query(AP_MPMQ_MAX_DAEMON_USED, &max_daemons);
ap_mpm_query(AP_MPMQ_IS_THREADED, &threaded);
ap_mpm_query(AP_MPMQ_IS_FORKED, &forked);
ap_rprintf(r, "<dt><strong>MPM Name:</strong> <tt>%s</tt></dt>\n",
ap_show_mpm());
ap_rprintf(r,
"<dt><strong>MPM Information:</strong> "
"<tt>Max Daemons: %d Threaded: %s Forked: %s</tt></dt>\n",
max_daemons, threaded ? "yes" : "no", forked ? "yes" : "no");
ap_rprintf(r,
"<dt><strong>Server Architecture:</strong> "
"<tt>%ld-bit</tt></dt>\n", 8 * (long) sizeof(void *));
ap_rprintf(r,
"<dt><strong>Server Root:</strong> "
"<tt>%s</tt></dt>\n", ap_server_root);
ap_rprintf(r,
"<dt><strong>Config File:</strong> "
"<tt>%s</tt></dt>\n", ap_conftree->filename);
ap_rputs("<dt><strong>Server Built With:</strong>\n"
"<tt style=\"white-space: pre;\">\n", r);
/* TODO: Not all of these defines are getting set like they do in main.c.
