1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
|
Author: Hilko Bengen <bengen@debian.org>
Description: Escape user, vhost, uri, referer, agent strings in log (Closes: #372536).
--- a/urlsnarf.c 2011-06-19 17:15:18.023999373 -0500
+++ b/urlsnarf.c 2011-06-19 17:15:21.627999373 -0500
@@ -84,6 +84,43 @@
return (tstr);
}
+static char *
+escape_log_entry(char *string)
+{
+ char *out;
+ unsigned char *c, *o;
+ size_t len;
+
+ if (!string)
+ return NULL;
+
+ /* Determine needed length */
+ for (c = string, len = 0; *c; c++) {
+ if ((*c < 32) || (*c >= 128))
+ len += 4;
+ else if ((*c == '"') || (*c =='\\'))
+ len += 2;
+ else
+ len++;
+ }
+ out = malloc(len+1);
+ if (!out)
+ return NULL;
+ for (c = string, o = out; *c; c++, o++) {
+ if ((*c < 32) || (*c >= 128)) {
+ snprintf(o, 5, "\\x%02x", *c);
+ o += 3;
+ } else if ((*c == '"') || ((*c =='\\'))) {
+ *(o++) = '\\';
+ *o = *c;
+ } else {
+ *o = *c;
+ }
+ }
+ out[len]='\0';
+ return out;
+}
+
static int
process_http_request(struct tuple4 *addr, u_char *data, int len)
{
@@ -142,18 +179,26 @@
buf_tok(NULL, NULL, i);
}
}
- if (user == NULL)
- user = "-";
- if (vhost == NULL)
- vhost = libnet_addr2name4(addr->daddr, Opt_dns);
- if (referer == NULL)
- referer = "-";
- if (agent == NULL)
- agent = "-";
-
+ user = escape_log_entry(user);
+ vhost = escape_log_entry(vhost);
+ uri = escape_log_entry(uri);
+ referer = escape_log_entry(referer);
+ agent = escape_log_entry(agent);
+
printf("%s - %s [%s] \"%s http://%s%s\" - - \"%s\" \"%s\"\n",
libnet_addr2name4(addr->saddr, Opt_dns),
- user, timestamp(), req, vhost, uri, referer, agent);
+ (user?user:"-"),
+ timestamp(), req,
+ (vhost?vhost:libnet_addr2name4(addr->daddr, Opt_dns)),
+ uri,
+ (referer?referer:"-"),
+ (agent?agent:"-"));
+
+ free(user);
+ free(vhost);
+ free(uri);
+ free(referer);
+ free(agent);
}
fflush(stdout);
|
