On Fri, Nov 21, 2014 at 08:54:12AM +0000, Mateusz Kocielski wrote: > Module Name: src > Committed By: shm > Date: Fri Nov 21 08:54:12 UTC 2014 > > Modified Files: > src/libexec/httpd: bozohttpd.c > > Log Message: > Fixed off-by-one in virtualhost processing. Previous code was checking if > Host header is a prefix of any existing vhost. This behaviour might be used to > uncover existing vitual hosts from the remote. > > OK @mrg > > > To generate a diff of this commit: > cvs rdiff -u -r1.57 -r1.58 src/libexec/httpd/bozohttpd.c > > Please note that diffs are not public domain; they are subject to the > copyright notices on the relevant files. >
> Modified files: > > Index: src/libexec/httpd/bozohttpd.c > diff -u src/libexec/httpd/bozohttpd.c:1.57 src/libexec/httpd/bozohttpd.c:1.58 > --- src/libexec/httpd/bozohttpd.c:1.57 Fri Oct 10 05:10:59 2014 > +++ src/libexec/httpd/bozohttpd.c Fri Nov 21 08:54:12 2014 > @@ -1,4 +1,4 @@ > -/* $NetBSD: bozohttpd.c,v 1.57 2014/10/10 05:10:59 mrg Exp $ */ > +/* $NetBSD: bozohttpd.c,v 1.58 2014/11/21 08:54:12 shm Exp $ */ > > /* $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $ */ > > @@ -1093,8 +1093,8 @@ check_virtual(bozo_httpreq_t *request) > } > debug((httpd, DEBUG_OBESE, "looking at > dir``%s''", > d->d_name)); > - if (strncasecmp(d->d_name, request->hr_host, > - len) == 0) { > + if (d->d_namlen == len && strcmp(d->d_name, > + request->hr_host) == 0) { I think we gained cASe-seNsItiVITy with this? > /* found it, punch it */ > debug((httpd, DEBUG_OBESE, "found it > punch it")); > request->hr_virthostname = >