87 lines
2.0 KiB
Diff
87 lines
2.0 KiB
Diff
Patch by Hilko Bengen <bengen@debian.org> for dsniff >= 2.4b1, which adds
|
|
escaping for user, vhost, uri, referrer and agent strings in the log. For
|
|
further information, please have a look to Debian bug ID #372536.
|
|
|
|
--- dsniff-2.4b1/urlsnarf.c 2008-08-30 15:34:21.000000000 +0200
|
|
+++ dsniff-2.4b1/urlsnarf.c.escape 2008-08-30 15:38:46.000000000 +0200
|
|
@@ -84,6 +84,43 @@
|
|
return (tstr);
|
|
}
|
|
|
|
+static char *
|
|
+escape_log_entry(char *string)
|
|
+{
|
|
+ char *out;
|
|
+ unsigned char *c, *o;
|
|
+ size_t len;
|
|
+
|
|
+ if (!string)
|
|
+ return NULL;
|
|
+
|
|
+ /* Determine needed length */
|
|
+ for (c = string, len = 0; *c; c++) {
|
|
+ if ((*c < 32) || (*c >= 128))
|
|
+ len += 4;
|
|
+ else if ((*c == '"') || (*c =='\\'))
|
|
+ len += 2;
|
|
+ else
|
|
+ len++;
|
|
+ }
|
|
+ out = malloc(len+1);
|
|
+ if (!out)
|
|
+ return NULL;
|
|
+ for (c = string, o = out; *c; c++, o++) {
|
|
+ if ((*c < 32) || (*c >= 128)) {
|
|
+ snprintf(o, 5, "\\x%02x", *c);
|
|
+ o += 3;
|
|
+ } else if ((*c == '"') || ((*c =='\\'))) {
|
|
+ *(o++) = '\\';
|
|
+ *o = *c;
|
|
+ } else {
|
|
+ *o = *c;
|
|
+ }
|
|
+ }
|
|
+ out[len]='\0';
|
|
+ return out;
|
|
+}
|
|
+
|
|
static int
|
|
process_http_request(struct tuple4 *addr, u_char *data, int len)
|
|
{
|
|
@@ -142,18 +179,26 @@
|
|
buf_tok(NULL, NULL, i);
|
|
}
|
|
}
|
|
- if (user == NULL)
|
|
- user = "-";
|
|
- if (vhost == NULL)
|
|
- vhost = libnet_addr2name4(addr->daddr, Opt_dns);
|
|
- if (referer == NULL)
|
|
- referer = "-";
|
|
- if (agent == NULL)
|
|
- agent = "-";
|
|
+ user = escape_log_entry(user);
|
|
+ vhost = escape_log_entry(vhost);
|
|
+ uri = escape_log_entry(uri);
|
|
+ referer = escape_log_entry(referer);
|
|
+ agent = escape_log_entry(agent);
|
|
|
|
printf("%s - %s [%s] \"%s http://%s%s\" - - \"%s\" \"%s\"\n",
|
|
libnet_addr2name4(addr->saddr, Opt_dns),
|
|
- user, timestamp(), req, vhost, uri, referer, agent);
|
|
+ (user?user:"-"),
|
|
+ timestamp(), req,
|
|
+ (vhost?vhost:libnet_addr2name4(addr->daddr, Opt_dns)),
|
|
+ uri,
|
|
+ (referer?referer:"-"),
|
|
+ (agent?agent:"-"));
|
|
+
|
|
+ free(user);
|
|
+ free(vhost);
|
|
+ free(uri);
|
|
+ free(referer);
|
|
+ free(agent);
|
|
}
|
|
fflush(stdout);
|
|
|