# CVE-2012-0053: Error response issue that could expose "httpOnly"
#                cookies
#
# Further details organized by httpd release may be available from:
#
#   http://httpd.apache.org/security_report.html
#
Index: server/protocol.c
===================================================================
--- server/protocol.c	(revision 1237150)
+++ server/protocol.c	(working copy)
@@ -677,6 +677,16 @@
     return 1;
 }
 
+/* get the length of the field name for logging, but no more than 80 bytes */
+#define LOG_NAME_MAX_LEN 80
+static int field_name_len(const char *field)
+{
+    const char *end = ap_strchr_c(field, ':');
+    if (end == NULL || end - field > LOG_NAME_MAX_LEN)
+        return LOG_NAME_MAX_LEN;
+    return end - field;
+}
+
 AP_DECLARE(void) ap_get_mime_headers_core(request_rec *r, apr_bucket_brigade *bb)
 {
     char *last_field = NULL;
@@ -709,12 +719,15 @@
             /* insure ap_escape_html will terminate correctly */
             field[len - 1] = '\0';
             apr_table_setn(r->notes, "error-notes",
-                           apr_pstrcat(r->pool,
+                           apr_psprintf(r->pool,
                                        "Size of a request header field "
                                        "exceeds server limit.<br />\n"
-                                       "<pre>\n",
-                                       ap_escape_html(r->pool, field),
-                                       "</pre>\n", NULL));
+                                        "<pre>\n%.*s\n</pre>/n",
+                                        field_name_len(field), 
+                                        ap_escape_html(r->pool, field)));
+            ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r, 
+                          "Request header exceeds LimitRequestFieldSize: "
+                          "%.*s", field_name_len(field), field);
             return;
         }
 
@@ -739,13 +752,17 @@
                      * overflow (last_field) as the field with the problem
                      */
                     apr_table_setn(r->notes, "error-notes",
-                                   apr_pstrcat(r->pool,
+                                   apr_psprintf(r->pool,
                                                "Size of a request header field " 
                                                "after folding "
                                                "exceeds server limit.<br />\n"
-                                               "<pre>\n",
-                                               ap_escape_html(r->pool, last_field),
-                                               "</pre>\n", NULL));
+                                                "<pre>\n%.*s\n</pre>\n",
+                                                field_name_len(last_field),
+                                                ap_escape_html(r->pool, last_field)));
+                    ap_log_rerror(APLOG_MARK, APLOG_INFO, 0, r,
+                                  "Request header exceeds LimitRequestFieldSize "
+                                  "after folding: %.*s",
+                                  field_name_len(last_field), last_field);
                     return;
                 }
 
@@ -777,13 +794,17 @@
                 if (!(value = strchr(last_field, ':'))) { /* Find ':' or    */
                     r->status = HTTP_BAD_REQUEST;      /* abort bad request */
                     apr_table_setn(r->notes, "error-notes",
-                                   apr_pstrcat(r->pool,
+                                   apr_psprintf(r->pool,
                                                "Request header field is "
                                                "missing ':' separator.<br />\n"
-                                               "<pre>\n",
-                                               ap_escape_html(r->pool,
-                                                              last_field),
-                                               "</pre>\n", NULL));
+                                                "<pre>\n%.*s</pre>\n",
+                                                (int)LOG_NAME_MAX_LEN,
+                                                ap_escape_html(r->pool,
+                                                               last_field)));
+                    ap_log_rerror(APLOG_MARK, APLOG_DEBUG, 0, r,
+                                  "Request header field is missing ':' "
+                                  "separator: %.*s", (int)LOG_NAME_MAX_LEN,
+                                  last_field);
                     return;
                 }
                 
