From: Petr Tesarik <ptesarik@suse.de>
Subject: wget: CAN-2004-1488
Patch-mainline: no
References: 185265

Escape non-printing characters when dumping all HTTP headers.

--- src/http.c
+++ src/http.c
@@ -754,14 +754,17 @@
     {
       const char *b = resp->headers[i];
       const char *e = resp->headers[i + 1];
+      char *str;
       /* Skip CRLF */
       if (b < e && e[-1] == '\n')
 	--e;
       if (b < e && e[-1] == '\r')
 	--e;
-      /* This is safe even on printfs with broken handling of "%.<n>s"
-	 because resp->headers ends with \0.  */
-      logprintf (LOG_VERBOSE, "%s%.*s\n", prefix, e - b, b);
+      str = xmalloc (e - b + 1);
+      memcpy (str, b, e - b);
+      str[e - b] = 0;
+      logprintf (LOG_VERBOSE, "%s%s\n", prefix, escnonprint (str));
+      xfree (str);
     }
 }