Tighten up the syntax checking of Host: headers to fix a

security bug in some mass virtual hosting configurations
that can allow a remote attacker to retrieve some files
on the system that should be inaccessible. The problem
occured with requests including the line "Host: ..." --
the last dot is stripped and the remaining ".." then
reveals a parent directory.

Reported by: Peter Christoffersen <pch@mindpass.com>
Message-ID: <8quts6$2el$1@news.inet.tele.dk>
Newsgroups: comp.infosystems.www.servers.unix


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/1.3.x@86346 13f79535-47bb-0310-9956-ffa450edef68