Index: protocols/http.c
===================================================================
RCS file: /sources/monit/monit/protocols/http.c,v
retrieving revision 1.49
retrieving revision 1.53
diff -u -r1.49 -r1.53
--- protocols/http.c	27 Apr 2006 20:16:03 -0000	1.49
+++ protocols/http.c	30 Jul 2007 21:43:33 -0000	1.53
@@ -1,20 +1,19 @@
 /*
- * Copyright (C), 2000-2006 by the monit project group.
+ * Copyright (C), 2000-2007 by the monit project group.
  * All Rights Reserved.
  *
- * This program is free software; you can redistribute it and/or
- * modify it under the terms of the GNU General Public License as
- * published by the Free Software Foundation; either version 2 of the
- * License, or (at your option) any later version.
+ * This program is free software: you can redistribute it and/or modify
+ * it under the terms of the GNU General Public License as published by
+ * the Free Software Foundation, either version 3 of the License, or
+ * (at your option) any later version.
+ *
+ * This program is distributed in the hope that it will be useful,
+ * but WITHOUT ANY WARRANTY; without even the implied warranty of
+ * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+ * GNU General Public License for more details.
  *
- * This program is distributed in the hope that it will be useful, but
- * WITHOUT ANY WARRANTY; without even the implied warranty of
- * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the GNU
- * General Public License for more details.
- * 
  * You should have received a copy of the GNU General Public License
- * along with this program; if not, write to the Free Software Foundation,
- * Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307 USA
+ * along with this program.  If not, see <http://www.gnu.org/licenses/>.
  */
 
 #include <config.h>
@@ -73,7 +72,7 @@
  *
  *  @author Jan-Henrik Haukeland, <hauk@tildeslash.com>
  *  @author Martin Pala, <martinp@tildeslash.com>
- *  @version \$Id: http.c,v 1.49 2006/04/27 20:16:03 martinp Exp $
+ *  @version \$Id: http.c,v 1.53 2007/07/30 21:43:33 martinp Exp $
  *  @file
  */
 
@@ -93,6 +92,8 @@
   long content_length;
   char cookie[LINE_SIZE];
   char location[LINE_SIZE];
+  char location_saved[LINE_SIZE];
+  char redirect_level;
 } Http_T;
 
 
@@ -395,6 +396,7 @@
   char auth[STRLEN]= {0};
   Port_T P= socket_get_Port(H->s);
 
+  H->redirect_level++;
   
   /*
    * FIXME: there is a 
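Review bot: `H->redirect_level++` counts in a field that the Http_T hunk declares as plain `char`, whose signedness is implementation-defined, and nothing in this diff shows the field being zeroed before the first redirect. If Http_T is not cleared where it is created (outside these hunks), the limit compared later in the `SC_MOVED_TEMPORARILY` case starts from an indeterminate value and may trigger too early or much too late. Declaring the field as `int redirect_level;` and noting the reset point with a comment such as `/* redirect_level must be 0 before the first request */` would make the limit dependable. The enclosing function starts and ends outside the hunk.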
@@ -421,13 +423,17 @@
 		  "User-Agent: %s/%s\r\n"
 		  "Cookie: %s\r\n"
 		  "%s\r\n", 
-		  H->location, Util_getHTTPHostHeader(H->s, host,STRLEN), 
-		  prog, VERSION, H->cookie, get_auth_header(P, auth, STRLEN))
-     < 0) {
+		  H->location,
+                  Util_getHTTPHostHeader(H->s, host,STRLEN), 
+		  prog, VERSION,
+                  H->cookie,
+                  get_auth_header(P, auth, STRLEN)) < 0)
+  {
     DEBUG("HTTP error: Failed sending data -- %s\n", STRERROR);
     return FALSE;
   }
 
+  snprintf(H->location_saved, LINE_SIZE, "%s", H->location);
   if(! get_response(H->s, H)) {
     return FALSE;
   }
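Review bot: The copy into `H->location_saved` carries no comment explaining why it must happen before `get_response()`, and its bound repeats `LINE_SIZE` instead of being tied to the destination buffer. The later self-redirect check only works if `get_response()` replaces `H->location` with the new Location value, which is presumably the case but is not visible here. I would write `snprintf(H->location_saved, sizeof H->location_saved, "%s", H->location);` preceded by `/* remember the URL just requested; get_response() may overwrite H->location */`. The reflowed argument list also mixes tab and space indentation on adjacent lines. The enclosing function begins outside the hunk.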
@@ -438,6 +444,14 @@
     break;
 
   case SC_MOVED_TEMPORARILY:
+    if(IS(H->location, H->location_saved)) {
+      DEBUG("HTTP error: Redirect location points to itself -- %s\n", H->location);
+      return FALSE;
+    }
+    if(H->redirect_level >= 64) {
+      DEBUG("HTTP error: Unsupported redirect level -- %d redirects\n", H->redirect_level);
+      return FALSE;
+    }
     if(!do_redirect(H)) {
       return FALSE;
     }
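Review bot: The `IS(H->location, H->location_saved)` test only catches a redirect straight back to the URL just requested. A cycle through two URLs passes it on every hop and is stopped only by the `redirect_level >= 64` check. That makes the numeric cap the real defence against a monitored server that keeps redirecting, and 64 full request/response rounds per check is generous. A named and lower limit would be easier to reason about, for example `if(H->redirect_level >= HTTP_MAX_REDIRECTS) {` with a new constant defined next to Http_T. If `IS` compares case-insensitively (its definition is not in this diff), two paths differing only in case would also be reported as a self-redirect. The switch continues outside the hunk, so it is not visible whether other redirect status codes get the same checks.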
