Relax the checking of Host: headers so that only character sequences that

are sensitive to the filesystem are rejected, i.e. forward slashes,
backward slashes, and sequences of more than one dot. This supports iDNS
without compromising the safety of mass vhosting.

PR: 6635

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@87803 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 57e784235fc53cc59a634d153f3d18372afffcdb..dcfb1a59b0459d40dd11c5d33f330cc76879d676 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -1,5 +1,8 @@
 Changes with Apache 2.0b1
 
+  *) Relax the syntax checking of Host: headers in order to support
+     iDNS. PR#6635 [Tony Finch]
+
   *) Cleanup the byterange filter to use the apr_brigade_partition
      and apr_bucket_copy functions.  This removes a lot of very messy
      code, and hopefully makes this filter more stable.

diff --git a/server/vhost.c b/server/vhost.c
index 7545e3a52e42216183c9adf96ea4e6a6a90d86c6..2eba9b7b6493d83a97ac01016e3c8be5ee6e7419 100644 (file)
--- a/server/vhost.c
+++ b/server/vhost.c
@@ -744,21 +744,15 @@ static void fix_hostname(request_rec *r)
      * already; otherwise, further validation is needed 
      */
     if (r->hostname[0] != '[') {
-        dst = host;
-        while (*dst) {
-            if (!apr_isalnum(*dst) && *dst != '-') {
-                if (*dst == '.') {
-                    dst++;
-                    if (*dst == '.')
-                        goto bad;
-                    else
-                        continue;
-                }
-                goto bad;
-            }
-            else {
-                dst++;
-            }
+        for (dst = host; *dst; dst++) {
+           if (*dst == '.') {
+               dst++;
+               if (*dst == '.')
+                   goto bad;
+           }
+           else if (*dst == '/' || *dst == '\\') {
+               goto bad;
+           }
         }
         /* strip trailing gubbins */
         if (dst > host && dst[-1] == '.') {