From 572681c9f1bc2a11c84d6a6a3b2ad7e52bcdcc8b Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Stefan=20B=C3=BChler?= Date: Sun, 5 Jul 2015 16:01:16 +0000 Subject: [PATCH] fix hex escape in accesslog (fixes #2559) MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit From: Stefan Bühler git-svn-id: svn://svn.lighttpd.net/lighttpd/branches/lighttpd-1.4.x@2992 152afb58-edef-0310-8abb-c4023f1b3aa9 --- NEWS | 1 + src/mod_accesslog.c | 2 +- 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/NEWS b/NEWS index 18007fc6..5a8d6f77 100644 --- a/NEWS +++ b/NEWS @@ -20,6 +20,7 @@ NEWS * fix error message for T_CONFIG_ARRAY config values if an entry value is not a string * fix segfaults in many plugins if they failed configuration * escape all strings for logging (fixes #2646 log file injection, reported by Jaanus Kääp) + * fix hex escape in accesslog (fixes #2559) - 1.4.35 - 2014-03-12 * [network/ssl] fix build error if TLSEXT is disabled diff --git a/src/mod_accesslog.c b/src/mod_accesslog.c index f5be7d2f..17c5412c 100644 --- a/src/mod_accesslog.c +++ b/src/mod_accesslog.c @@ -169,7 +169,7 @@ static void accesslog_append_escaped(buffer *dest, buffer *str) { buffer_string_prepare_append(dest, buffer_string_length(str)); for (ptr = start = str->ptr, end = str->ptr + buffer_string_length(str); ptr < end; ptr++) { - char const c = *ptr; + unsigned char const c = (unsigned char) *ptr; if (c >= ' ' && c <= '~' && c != '"' && c != '\\') { /* nothing to change, add later as one block */ } else {