On Fri, Nov 21, 2014 at 08:54:12AM +0000, Mateusz Kocielski wrote:
> Module Name: src
> Committed By: shm
> Date: Fri Nov 21 08:54:12 UTC 2014
>
> Modified Files:
> src/libexec/httpd: bozohttpd.c
>
> Log Message:
> Fixed off-by-one in virtualhost processing. Previous code was checking if
> Host header is a prefix of any existing vhost. This behaviour might be used to
> uncover existing vitual hosts from the remote.
>
> OK @mrg
>
>
> To generate a diff of this commit:
> cvs rdiff -u -r1.57 -r1.58 src/libexec/httpd/bozohttpd.c
>
> Please note that diffs are not public domain; they are subject to the
> copyright notices on the relevant files.
>
> Modified files:
>
> Index: src/libexec/httpd/bozohttpd.c
> diff -u src/libexec/httpd/bozohttpd.c:1.57 src/libexec/httpd/bozohttpd.c:1.58
> --- src/libexec/httpd/bozohttpd.c:1.57 Fri Oct 10 05:10:59 2014
> +++ src/libexec/httpd/bozohttpd.c Fri Nov 21 08:54:12 2014
> @@ -1,4 +1,4 @@
> -/* $NetBSD: bozohttpd.c,v 1.57 2014/10/10 05:10:59 mrg Exp $ */
> +/* $NetBSD: bozohttpd.c,v 1.58 2014/11/21 08:54:12 shm Exp $ */
>
> /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */
>
> @@ -1093,8 +1093,8 @@ check_virtual(bozo_httpreq_t *request)
> }
> debug((httpd, DEBUG_OBESE, "looking at
> dir``%s''",
> d->d_name));
> - if (strncasecmp(d->d_name, request->hr_host,
> - len) == 0) {
> + if (d->d_namlen == len && strcmp(d->d_name,
> + request->hr_host) == 0) {
I think we gained cASe-seNsItiVITy with this?
> /* found it, punch it */
> debug((httpd, DEBUG_OBESE, "found it
> punch it"));
> request->hr_virthostname =
>
