httpd-cvs mailing list archives

Site index · List index
Message view « Date » · « Thread »
Top « Date » · « Thread »
From f...@apache.org
Subject cvs commit: httpd-2.0/server vhost.c
Date Wed, 24 Jan 2001 01:05:49 GMT
fanf        01/01/23 17:05:48

  Modified:    .        CHANGES
               server   vhost.c
  Log:
  Relax the checking of Host: headers so that only character sequences that
  are sensitive to the filesystem are rejected, i.e. forward slashes,
  backward slashes, and sequences of more than one dot. This supports iDNS
  without compromising the safety of mass vhosting.
  
  PR: 6635
  
  Revision  Changes    Path
  1.53      +3 -0      httpd-2.0/CHANGES
  
  Index: CHANGES
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/CHANGES,v
  retrieving revision 1.52
  retrieving revision 1.53
  diff -u -u -r1.52 -r1.53
  --- CHANGES	2001/01/23 05:57:32	1.52
  +++ CHANGES	2001/01/24 01:05:44	1.53
  @@ -1,5 +1,8 @@
   Changes with Apache 2.0b1
   
  +  *) Relax the syntax checking of Host: headers in order to support
  +     iDNS. PR#6635 [Tony Finch]
  +
     *) Cleanup the byterange filter to use the apr_brigade_partition
        and apr_bucket_copy functions.  This removes a lot of very messy
        code, and hopefully makes this filter more stable.
  
  
  
  1.52      +9 -15     httpd-2.0/server/vhost.c
  
  Index: vhost.c
  ===================================================================
  RCS file: /home/cvs/httpd-2.0/server/vhost.c,v
  retrieving revision 1.51
  retrieving revision 1.52
  diff -u -u -r1.51 -r1.52
  --- vhost.c	2001/01/18 23:52:03	1.51
  +++ vhost.c	2001/01/24 01:05:47	1.52
  @@ -744,21 +744,15 @@
        * already; otherwise, further validation is needed 
        */
       if (r->hostname[0] != '[') {
  -        dst = host;
  -        while (*dst) {
  -            if (!apr_isalnum(*dst) && *dst != '-') {
  -                if (*dst == '.') {
  -                    dst++;
  -                    if (*dst == '.')
  -                        goto bad;
  -                    else
  -                        continue;
  -                }
  -                goto bad;
  -            }
  -            else {
  -                dst++;
  -            }
  +        for (dst = host; *dst; dst++) {
  +	    if (*dst == '.') {
  +		dst++;
  +		if (*dst == '.')
  +		    goto bad;
  +	    }
  +	    else if (*dst == '/' || *dst == '\\') {
  +		goto bad;
  +	    }
           }
           /* strip trailing gubbins */
           if (dst > host && dst[-1] == '.') {
  
  
  

Mime
View raw message