authorJim Jagielski <jim@apache.org>2012-11-26 17:18:54 +0000
committerJim Jagielski <jim@apache.org>2012-11-26 17:18:54 +0000
commit18cc8e835b71e832d78c93bf97a6232a088747fb (patch)
treeeea6a00cea5546d277e0ef118309bc666698ef50 /modules/generators
parent87eaa05972cb1915e2ee733aa4b9cd217f7ebde0 (diff)
CVE-2012-3499 and CVE-2012-4558
Be sure to escape potential troubled strings git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1413732 13f79535-47bb-0310-9956-ffa450edef68
Diffstat (limited to 'modules/generators')
-rw-r--r--modules/generators/mod_info.c3
-rw-r--r--modules/generators/mod_status.c3
2 files changed, 4 insertions, 2 deletions
diff --git a/modules/generators/mod_info.c b/modules/generators/mod_info.c
index 75c37782bc..2f2db9fa61 100644
--- a/modules/generators/mod_info.c
+++ b/modules/generators/mod_info.c
@@ -459,7 +459,8 @@ static int show_server_settings(request_rec * r)
MODULE_MAGIC_NUMBER_MINOR);
ap_rprintf(r,
"<dt><strong>Hostname/port:</strong> "
- "<tt>%s:%u</tt></dt>\n", ap_get_server_name(r),
+ "<tt>%s:%u</tt></dt>\n",
+ ap_escape_html(r->pool, ap_get_server_name(r)),
ap_get_server_port(r));
ap_rprintf(r,
"<dt><strong>Timeouts:</strong> "
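Review bot: The new `ap_escape_html(r->pool, ap_get_server_name(r))` argument has no comment saying why the server name is treated as untrusted, so a later cleanup could drop the call as redundant. Depending on `UseCanonicalName`, `ap_get_server_name()` can return the hostname the client sent in its `Host` header, which is why it has to be encoded before it is written inside the `<tt>` element. I would add `/* server name may come from the client's Host header; escape before emitting as HTML */` above the call; the same comment fits the matching change in `status_handler` in mod_status.c. `show_server_settings` starts and ends outside this hunk, so the other values it prints cannot be checked from here.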
diff --git a/modules/generators/mod_status.c b/modules/generators/mod_status.c
index 8b39db43a9..54404e90bb 100644
--- a/modules/generators/mod_status.c
+++ b/modules/generators/mod_status.c
@@ -400,7 +400,8 @@ static int status_handler(request_rec *r)
"<title>Apache Status</title>\n"
"</head><body>\n"
"<h1>Apache Server Status for ", r);
- ap_rvputs(r, ap_get_server_name(r), " (via ", r->connection->local_ip,
+ ap_rvputs(r, ap_escape_html(r->pool, ap_get_server_name(r)),
+ " (via ", r->connection->local_ip,
")</h1>\n\n", NULL);
ap_rvputs(r, "<dl><dt>Server Version: ",
ap_get_server_description(), "</dt>\n", NULL);
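Review bot: In the `ap_rvputs` call that builds the `<h1>` heading only the server name is escaped, while `r->connection->local_ip` in the same call and `ap_get_server_description()` in the next one are still written raw. Both look server-generated rather than request-derived (inferred from their names; where they are filled in is not visible here), so this is probably intentional. A short comment such as `/* local_ip and the server description are produced by the server, not taken from the request */` would record why they are exempt. `status_handler` starts before and continues after this hunk.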