Commit 8ebb815e authored by Tony Finch's avatar Tony Finch
Browse files

Relax the checking of Host: headers so that only character sequences that 

are sensitive to the filesystem are rejected, i.e. forward slashes,
backward slashes, and sequences of more than one dot. This supports iDNS
without compromising the safety of mass vhosting.

PR: 6635


git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@87803 13f79535-47bb-0310-9956-ffa450edef68
parent 6ab45c71

CHANGES

+3 −0
Original line number Diff line number Diff line 
Changes with Apache 2.0b1



  *) Relax the syntax checking of Host: headers in order to support

     iDNS. PR#6635 [Tony Finch]



  *) Cleanup the byterange filter to use the apr_brigade_partition

     and apr_bucket_copy functions.  This removes a lot of very messy

     code, and hopefully makes this filter more stable.

server/vhost.c

+9 −15
Original line number Diff line number Diff line
@@ -744,21 +744,15 @@ static void fix_hostname(request_rec *r) 
     * already; otherwise, further validation is needed 

     */

    if (r->hostname[0] != '[') {

        dst = host;

        while (*dst) {

            if (!apr_isalnum(*dst) && *dst != '-') {

        for (dst = host; *dst; dst++) {

	    if (*dst == '.') {

		dst++;

		if (*dst == '.')

		    goto bad;

                    else

                        continue;

	    }

	    else if (*dst == '/' || *dst == '\\') {

		goto bad;

	    }

            else {

                dst++;

            }

        }

        /* strip trailing gubbins */

        if (dst > host && dst[-1] == '.') {