File httpd-2.2.x-bnc806458-util_ldap_cache_mgr-xss.diff of Package apache2.1524
diff -rNU 30 ../httpd-2.2.12-o/modules/ldap/util_ldap_cache_mgr.c ./modules/ldap/util_ldap_cache_mgr.c
--- ../httpd-2.2.12-o/modules/ldap/util_ldap_cache_mgr.c 2006-07-12 05:38:44.000000000 +0200
+++ ./modules/ldap/util_ldap_cache_mgr.c 2013-03-26 18:21:29.000000000 +0100
@@ -466,61 +466,64 @@
char *util_ald_cache_display_stats(request_rec *r, util_ald_cache_t *cache, char *name, char *id)
{
unsigned long i;
int totchainlen = 0;
int nchains = 0;
double chainlen;
util_cache_node_t *n;
char *buf, *buf2;
apr_pool_t *p = r->pool;
if (cache == NULL) {
return "";
}
for (i=0; i < cache->size; ++i) {
if (cache->nodes[i] != NULL) {
nchains++;
for (n = cache->nodes[i];
n != NULL && n != n->next;
n = n->next) {
totchainlen++;
}
}
}
chainlen = nchains? (double)totchainlen / (double)nchains : 0;
if (id) {
buf2 = apr_psprintf(p,
"<a href=\"%s?%s\">%s</a>",
+/* CVE-2012-3499
r->uri,
+*/
+ ap_escape_html(r->pool, ap_escape_uri(r->pool, r->uri)),
id,
name);
}
else {
buf2 = name;
}
buf = apr_psprintf(p,
"<tr valign='top'>"
"<td nowrap>%s</td>"
"<td align='right' nowrap>%lu (%.0f%% full)</td>"
"<td align='right'>%.1f</td>"
"<td align='right'>%lu/%lu</td>"
"<td align='right'>%.0f%%</td>"
"<td align='right'>%lu/%lu</td>",
buf2,
cache->numentries,
(double)cache->numentries / (double)cache->maxentries * 100.0,
chainlen,
cache->hits,
cache->fetches,
(cache->fetches > 0 ? (double)(cache->hits) / (double)(cache->fetches) * 100.0 : 100.0),
cache->inserts,
cache->removes);
if (cache->numpurges) {
char str_ctime[APR_CTIME_LEN];
apr_ctime(str_ctime, cache->last_purge);
buf = apr_psprintf(p,
