Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fixed off-by-one in virtualhost processing. Previous code was checking if 

Host header is a prefix of any existing vhost. This behaviour might be used to
uncover existing vitual hosts from the remote.

OK @mrg
This commit is contained in:
shm 2014-11-21 08:54:12 +00:00
parent 758341eedc
commit b8c713d1a2
1 changed files with 3 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

6
libexec/httpd/bozohttpd.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: bozohttpd.c,v 1.57 2014/10/10 05:10:59 mrg Exp $ */
/* $NetBSD: bozohttpd.c,v 1.58 2014/11/21 08:54:12 shm Exp $ */
/* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
@ -1093,8 +1093,8 @@ check_virtual(bozo_httpreq_t *request)
}
debug((httpd, DEBUG_OBESE, "looking at dir``%s''",
d->d_name));
if (strncasecmp(d->d_name, request->hr_host,
len) == 0) {
if (d->d_namlen == len && strcmp(d->d_name,
request->hr_host) == 0) {
/* found it, punch it */
debug((httpd, DEBUG_OBESE, "found it punch it"));
request->hr_virthostname =