diff options
Diffstat (limited to 'httpd/server_http.c')
-rw-r--r-- | httpd/server_http.c | 101 |
1 files changed, 80 insertions, 21 deletions
diff --git a/httpd/server_http.c b/httpd/server_http.c index 112bb00..9a6609e 100644 --- a/httpd/server_http.c +++ b/httpd/server_http.c @@ -1,4 +1,4 @@ -/* $OpenBSD: server_http.c,v 1.84 2015/06/23 17:25:01 semarie Exp $ */ +/* $OpenBSD: server_http.c,v 1.89 2015/07/16 19:05:28 reyk Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter <reyk@openbsd.org> @@ -35,6 +35,7 @@ #include <resolv.h> #include <event.h> #include <ctype.h> +#include <vis.h> #include "httpd.h" #include "http.h" @@ -1007,7 +1008,7 @@ server_expand_http(struct client *clt, const char *val, char *buf, return (NULL); } if (strstr(val, "$SERVER_NAME") != NULL) { - if ((str = url_encode(srv_conf->name)) + if ((str = url_encode(srv_conf->name)) == NULL) return (NULL); ret = expand_string(buf, len, "$SERVER_NAME", str); @@ -1426,6 +1427,13 @@ server_log_http(struct client *clt, u_int code, size_t len) struct tm *tm; struct server_config *srv_conf; struct http_descriptor *desc; + int ret = -1; + char *user = NULL; + char *path = NULL; + char *query = NULL; + char *version = NULL; + char *referrer_v = NULL; + char *agent_v = NULL; if ((srv_conf = clt->clt_srv_conf) == NULL) return (-1); @@ -1454,18 +1462,34 @@ server_log_http(struct client *clt, u_int code, size_t len) */ switch (srv_conf->logformat) { case LOG_FORMAT_COMMON: - if (evbuffer_add_printf(clt->clt_log, + /* Use vis to encode input values from the header */ + if (clt->clt_remote_user && + stravis(&user, clt->clt_remote_user, HTTPD_LOGVIS) == -1) + goto done; + if (desc->http_version && + stravis(&version, desc->http_version, HTTPD_LOGVIS) == -1) + goto done; + + /* The following should be URL-encoded */ + if (desc->http_path && + (path = url_encode(desc->http_path)) == NULL) + goto done; + if (desc->http_query && + (query = url_encode(desc->http_query)) == NULL) + goto done; + + ret = evbuffer_add_printf(clt->clt_log, "%s %s - %s [%s] \"%s %s%s%s%s%s\" %03d %zu\n", srv_conf->name, ip, clt->clt_remote_user == NULL ? "-" : - clt->clt_remote_user, tstamp, + user, tstamp, server_httpmethod_byid(desc->http_method), - desc->http_path == NULL ? "" : desc->http_path, + desc->http_path == NULL ? "" : path, desc->http_query == NULL ? "" : "?", - desc->http_query == NULL ? "" : desc->http_query, + desc->http_query == NULL ? "" : query, desc->http_version == NULL ? "" : " ", - desc->http_version == NULL ? "" : desc->http_version, - code, len) == -1) - return (-1); + desc->http_version == NULL ? "" : version, + code, len); + break; case LOG_FORMAT_COMBINED: @@ -1479,29 +1503,64 @@ server_log_http(struct client *clt, u_int code, size_t len) agent->kv_value == NULL) agent = NULL; - if (evbuffer_add_printf(clt->clt_log, + /* Use vis to encode input values from the header */ + if (clt->clt_remote_user && + stravis(&user, clt->clt_remote_user, HTTPD_LOGVIS) == -1) + goto done; + if (desc->http_version && + stravis(&version, desc->http_version, HTTPD_LOGVIS) == -1) + goto done; + if (agent && + stravis(&agent_v, agent->kv_value, HTTPD_LOGVIS) == -1) + goto done; + + /* The following should be URL-encoded */ + if (desc->http_path && + (path = url_encode(desc->http_path)) == NULL) + goto done; + if (desc->http_query && + (query = url_encode(desc->http_query)) == NULL) + goto done; + if (referrer && + (referrer_v = url_encode(referrer->kv_value)) == NULL) + goto done; + + ret = evbuffer_add_printf(clt->clt_log, "%s %s - %s [%s] \"%s %s%s%s%s%s\"" " %03d %zu \"%s\" \"%s\"\n", srv_conf->name, ip, clt->clt_remote_user == NULL ? "-" : - clt->clt_remote_user, tstamp, + user, tstamp, server_httpmethod_byid(desc->http_method), - desc->http_path == NULL ? "" : desc->http_path, + desc->http_path == NULL ? "" : path, desc->http_query == NULL ? "" : "?", - desc->http_query == NULL ? "" : desc->http_query, + desc->http_query == NULL ? "" : query, desc->http_version == NULL ? "" : " ", - desc->http_version == NULL ? "" : desc->http_version, + desc->http_version == NULL ? "" : version, code, len, - referrer == NULL ? "" : referrer->kv_value, - agent == NULL ? "" : agent->kv_value) == -1) - return (-1); + referrer == NULL ? "" : referrer_v, + agent == NULL ? "" : agent_v); + break; case LOG_FORMAT_CONNECTION: - if (evbuffer_add_printf(clt->clt_log, " [%s]", - desc->http_path == NULL ? "" : desc->http_path) == -1) - return (-1); + /* URL-encode the path */ + if (desc->http_path && + (path = url_encode(desc->http_path)) == NULL) + goto done; + + ret = evbuffer_add_printf(clt->clt_log, " [%s]", + desc->http_path == NULL ? "" : path); + break; } - return (0); +done: + free(user); + free(path); + free(query); + free(version); + free(referrer_v); + free(agent_v); + + return (ret); } |