From: Tony Finch Date: Wed, 24 Jan 2001 01:05:47 +0000 (+0000) Subject: Relax the checking of Host: headers so that only character sequences that X-Git-Url: https://granicus.if.org/sourcecode?a=commitdiff_plain;h=8ebb815e655fbd5791c732d02c58f2e6ffc9afc6;p=apache Relax the checking of Host: headers so that only character sequences that are sensitive to the filesystem are rejected, i.e. forward slashes, backward slashes, and sequences of more than one dot. This supports iDNS without compromising the safety of mass vhosting. PR: 6635 git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/trunk@87803 13f79535-47bb-0310-9956-ffa450edef68 --- diff --git a/CHANGES b/CHANGES index 57e784235f..dcfb1a59b0 100644 --- a/CHANGES +++ b/CHANGES @@ -1,5 +1,8 @@ Changes with Apache 2.0b1 + *) Relax the syntax checking of Host: headers in order to support + iDNS. PR#6635 [Tony Finch] + *) Cleanup the byterange filter to use the apr_brigade_partition and apr_bucket_copy functions. This removes a lot of very messy code, and hopefully makes this filter more stable. diff --git a/server/vhost.c b/server/vhost.c index 7545e3a52e..2eba9b7b64 100644 --- a/server/vhost.c +++ b/server/vhost.c @@ -744,21 +744,15 @@ static void fix_hostname(request_rec *r) * already; otherwise, further validation is needed */ if (r->hostname[0] != '[') { - dst = host; - while (*dst) { - if (!apr_isalnum(*dst) && *dst != '-') { - if (*dst == '.') { - dst++; - if (*dst == '.') - goto bad; - else - continue; - } - goto bad; - } - else { - dst++; - } + for (dst = host; *dst; dst++) { + if (*dst == '.') { + dst++; + if (*dst == '.') + goto bad; + } + else if (*dst == '/' || *dst == '\\') { + goto bad; + } } /* strip trailing gubbins */ if (dst > host && dst[-1] == '.') {
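Review bot: In the CHANGES hunk, the new entry says the Host: syntax check is relaxed but not what is still rejected. The commit message already names the remaining rules (forward slashes, backward slashes, and sequences of more than one dot); repeating them in the entry would tell administrators who rely on mass virtual hosting what they can still depend on.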
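Review bot: In the server/vhost.c hunk, the `dst++` inside the `if (*dst == '.')` branch combines with the `dst++` in the `for` header, so the character that follows a single dot is stepped over without being tested. Two consequences are visible in these lines. First, a `/` or `\\` directly after a dot never reaches the `else if (*dst == '/' || *dst == '\\')` check, which is exactly the filesystem-sensitive case the commit message says must still be rejected. Second, when the dot is the last character, the inner increment lands on the terminating NUL and the loop increment then moves past it, so `*dst` is read beyond the end of the string and the following `dst[-1] == '.'` trailing-dot test no longer looks at the last byte of the name. Suggest peeking rather than advancing, for example `if (*dst == '.' && dst[1] == '.') goto bad;`, and leaving all pointer movement to the `for` header so every character is examined once.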