Репозитории ALT
| 5.1: | 2.4-alt0.10.b1 |
| 4.1: | 2.4-alt0.9.b1.1 |
| 4.0: | 2.4-alt0.9.b1.1 |
| 3.0: | 2.4-alt0.6.b1.1 |
Группа :: Мониторинг
Пакет: dsniff
навигация по пакетам
Главная Изменения Спек Патчи Sources Загрузить Gear Bugs and FR Repocop
Патч: dsniff-2.4b1-deb-urlsnarf-escape.patch
Скачать
Скачать
## 10_urlsnarf_escape.dpatch by Hilko Bengen <bengen@debian.org>
##
## DP: Escape user, vhost, uri, referer, agent strings in log (Closes: #372536).
--- dsniff-2.4b1+debian~/urlsnarf.c 2006-11-27 17:09:54.000000000 +0100
+++ dsniff-2.4b1+debian/urlsnarf.c 2006-11-27 17:08:41.000000000 +0100
@@ -84,6 +84,43 @@
return (tstr);
}
+static char *
+escape_log_entry(char *string)
+{+ char *out;
+ unsigned char *c, *o;
+ size_t len;
+
+ if (!string)
+ return NULL;
+
+ /* Determine needed length */
+ for (c = string, len = 0; *c; c++) {+ if ((*c < 32) || (*c >= 128))
+ len += 4;
+ else if ((*c == '"') || (*c =='\\'))
+ len += 2;
+ else
+ len++;
+ }
+ out = malloc(len+1);
+ if (!out)
+ return NULL;
+ for (c = string, o = out; *c; c++, o++) {+ if ((*c < 32) || (*c >= 128)) {+ snprintf(o, 5, "\\x%02x", *c);
+ o += 3;
+ } else if ((*c == '"') || ((*c =='\\'))) {+ *(o++) = '\\';
+ *o = *c;
+ } else {+ *o = *c;
+ }
+ }
+ out[len]='\0';
+ return out;
+}
+
static int
process_http_request(struct tuple4 *addr, u_char *data, int len)
{@@ -142,18 +179,26 @@
buf_tok(NULL, NULL, i);
}
}
- if (user == NULL)
- user = "-";
- if (vhost == NULL)
- vhost = libnet_addr2name4(addr->daddr, Opt_dns);
- if (referer == NULL)
- referer = "-";
- if (agent == NULL)
- agent = "-";
-
+ user = escape_log_entry(user);
+ vhost = escape_log_entry(vhost);
+ uri = escape_log_entry(uri);
+ referer = escape_log_entry(referer);
+ agent = escape_log_entry(agent);
+
printf("%s - %s [%s] \"%s http://%s%s\" - - \"%s\" \"%s\"\n",libnet_addr2name4(addr->saddr, Opt_dns),
- user, timestamp(), req, vhost, uri, referer, agent);
+ (user?user:"-"),
+ timestamp(), req,
+ (vhost?vhost:libnet_addr2name4(addr->daddr, Opt_dns)),
+ uri,
+ (referer?referer:"-"),
+ (agent?agent:"-"));
+
+ free(user);
+ free(vhost);
+ free(uri);
+ free(referer);
+ free(agent);
}
fflush(stdout);