File httpd-2.2.x-bnc829057-CVE-2013-1862-mod_rewrite_terminal_escape_sequences.diff of Package apache2
diff -rNU 30 ../httpd-2.2.12-o/modules/mappers/mod_rewrite.c ./modules/mappers/mod_rewrite.c
--- ../httpd-2.2.12-o/modules/mappers/mod_rewrite.c 2013-07-22 17:07:27.000000000 +0200
+++ ./modules/mappers/mod_rewrite.c 2013-07-22 17:08:12.000000000 +0200
@@ -466,75 +466,75 @@
const char *fmt, ...)
{
rewrite_server_conf *conf;
char *logline, *text;
const char *rhost, *rname;
apr_size_t nbytes;
int redir;
request_rec *req;
va_list ap;
conf = ap_get_module_config(r->server->module_config, &rewrite_module);
if (!conf->rewritelogfp || level > conf->rewriteloglevel) {
return;
}
rhost = ap_get_remote_host(r->connection, r->per_dir_config,
REMOTE_NOLOOKUP, NULL);
rname = ap_get_remote_logname(r);
for (redir=0, req=r; req->prev; req = req->prev) {
++redir;
}
va_start(ap, fmt);
text = apr_pvsprintf(r->pool, fmt, ap);
va_end(ap);
logline = apr_psprintf(r->pool, "%s %s %s %s [%s/sid#%pp][rid#%pp/%s%s%s] "
"(%d) %s%s%s%s" APR_EOL_STR,
- rhost ? rhost : "UNKNOWN-HOST",
- rname ? rname : "-",
- r->user ? (*r->user ? r->user : "\"\"") : "-",
+ rhost ? ap_escape_logitem(r->pool, rhost) : "UNKNOWN-HOST",
+ rname ? ap_escape_logitem(r->pool, rname) : "-",
+ r->user ? (*r->user ? ap_escape_logitem(r->pool, r->user) : "\"\"") : "-",
current_logtime(r),
- ap_get_server_name(r),
+ ap_escape_logitem(r->pool, ap_get_server_name(r)),
(void *)(r->server),
(void *)r,
r->main ? "subreq" : "initial",
redir ? "/redir#" : "",
redir ? apr_itoa(r->pool, redir) : "",
level,
perdir ? "[perdir " : "",
perdir ? perdir : "",
perdir ? "] ": "",
- text);
+ ap_escape_logitem(r->pool, text));
nbytes = strlen(logline);
apr_file_write(conf->rewritelogfp, logline, &nbytes);
return;
}
#endif /* !REWRITELOG_DISABLED */
/*
* +-------------------------------------------------------+
* | |
* | URI and path functions
* | |
* +-------------------------------------------------------+
*/
/* return number of chars of the scheme (incl. '://')
* if the URI is absolute (includes a scheme etc.)
* otherwise 0.
*
* NOTE: If you add new schemes here, please have a
* look at escape_absolute_uri and splitout_queryargs.
* Not every scheme takes query strings and some schemes
* may be handled in a special way.
*
* XXX: we may consider a scheme registry, perhaps with
* appropriate escape callbacks to allow other modules
* to extend mod_rewrite at runtime.
*/
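Review bot: `perdir` is still written to the rewrite log unescaped (`perdir ? perdir : ""`), although every other string argument of this apr_psprintf call now goes through ap_escape_logitem. It looks like a configured directory path rather than request data, but if directory names can be chosen by less-trusted users the same treatment is cheap: `perdir ? ap_escape_logitem(r->pool, perdir) : "",`. A comment above the call such as `/* escape all externally influenced fields so control characters never reach the log file */` would keep a later edit from dropping the wrappers. ap_escape_logitem also escapes backslashes and double quotes, so tooling that parses the rewrite log should expect that in the message text. The function's signature begins above the hunk.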