core: Fail startup when the argument to ServerName looks like a glob

or a regular expression instead of a hostname (*?[]).  PR 39863

Submitted By: Rahul Nair <rahul.g.nair gmail.com>
Reviewed By: covener

git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@1042098 13f79535-47bb-0310-9956-ffa450edef68

diff --git a/CHANGES b/CHANGES
index 4b98f15871d10e2e461c03b8a45ee64018ef9bc5..9c5dc53511b3799943eeef5872e8dd7158c3b9b5 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -2,6 +2,10 @@
 
 Changes with Apache 2.3.10
 
+  *) core: Fail startup when the argument to ServerName looks like a glob
+     or a regular expression instead of a hostname (*?[]).  PR 39863 
+     [Rahul Nair <rahul.g.nair gmail.com>]
+
   *) mod_userdir: Add merging of enable, disable, and filename arguments 
      to UserDir directive, leaving enable/disable of userlists unmerged. 
      PR 44076 [Eric Covener]

diff --git a/server/core.c b/server/core.c
index ffeb98d9dc1c7a84f43a0fa81bb315615251f620..7db086f26ffa7d0f8a9622a1839ef0c5e618871d 100644 (file)
--- a/server/core.c
+++ b/server/core.c
@@ -2354,6 +2354,15 @@ static const char *set_server_string_slot(cmd_parms *cmd, void *dummy,
     return NULL;
 }
 
+
+static const apr_status_t valid_hostname(const char* name)
+{
+    if (ap_strchr_c(name, '*') || ap_strchr_c(name, '?') || 
+        ap_strchr_c(name, '[') || ap_strchr_c(name, ']')) { 
+        return APR_EINVAL;
+    }
+    return APR_SUCCESS;
+}
 /*
  * The ServerName directive takes one argument with format
  * [scheme://]fully-qualified-domain-name[:port], for instance
@@ -2373,6 +2382,10 @@ static const char *server_hostname_port(cmd_parms *cmd, void *dummy, const char
         return err;
     }
 
+    if (valid_hostname(arg) != APR_SUCCESS)
+        return apr_pstrcat(cmd->temp_pool, "Invalid ServerName \"", arg,
+                "\" use ServerAlias to set multiple server names.", NULL);
+
     part = ap_strstr_c(arg, "://");
 
     if (part) {