From 2b2187ea33a51918a229c51bba166fdf6f5bc3fe Mon Sep 17 00:00:00 2001
From: Sascha Schumann <sas@php.net>
Date: Tue, 6 May 2003 19:18:07 +0000
Subject: [PATCH] MFH

---
 sapi/thttpd/thttpd_patch | 89 ++++++++++++++++++++--------------------
 1 file changed, 44 insertions(+), 45 deletions(-)

diff --git a/sapi/thttpd/thttpd_patch b/sapi/thttpd/thttpd_patch
index 43c2e90937..19c8ac92eb 100644
--- a/sapi/thttpd/thttpd_patch
+++ b/sapi/thttpd/thttpd_patch
@@ -1,6 +1,6 @@
 diff -ur thttpd-2.21b/Makefile.in thttpd-2.21b-cool/Makefile.in
 --- thttpd-2.21b/Makefile.in	Thu Mar 29 20:36:21 2001
-+++ thttpd-2.21b-cool/Makefile.in	Tue Apr 29 00:05:19 2003
++++ thttpd-2.21b-cool/Makefile.in	Tue May  6 21:13:57 2003
 @@ -46,13 +46,15 @@
  
  # You shouldn't need to edit anything below here.
@@ -40,7 +40,7 @@ diff -ur thttpd-2.21b/Makefile.in thttpd-2.21b-cool/Makefile.in
  
 diff -ur thttpd-2.21b/config.h thttpd-2.21b-cool/config.h
 --- thttpd-2.21b/config.h	Mon Apr  9 23:57:36 2001
-+++ thttpd-2.21b-cool/config.h	Tue Apr 29 00:05:19 2003
++++ thttpd-2.21b-cool/config.h	Tue May  6 21:13:57 2003
 @@ -82,6 +82,11 @@
  */
  #define IDLE_READ_TIMELIMIT 60
@@ -64,7 +64,7 @@ diff -ur thttpd-2.21b/config.h thttpd-2.21b-cool/config.h
  ** index pages for directories that don't have an explicit index file.
 diff -ur thttpd-2.21b/configure thttpd-2.21b-cool/configure
 --- thttpd-2.21b/configure	Sat Apr 21 02:07:14 2001
-+++ thttpd-2.21b-cool/configure	Tue Apr 29 00:05:19 2003
++++ thttpd-2.21b-cool/configure	Tue May  6 21:13:57 2003
 @@ -1021,7 +1021,7 @@
  fi
  echo "$ac_t""$CPP" 1>&6
@@ -76,7 +76,7 @@ diff -ur thttpd-2.21b/configure thttpd-2.21b-cool/configure
  echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
 diff -ur thttpd-2.21b/configure.in thttpd-2.21b-cool/configure.in
 --- thttpd-2.21b/configure.in	Sat Apr 21 02:06:23 2001
-+++ thttpd-2.21b-cool/configure.in	Tue Apr 29 00:05:19 2003
++++ thttpd-2.21b-cool/configure.in	Tue May  6 21:13:57 2003
 @@ -64,7 +64,7 @@
  	AC_MSG_RESULT(no)   
  fi
@@ -88,7 +88,7 @@ diff -ur thttpd-2.21b/configure.in thttpd-2.21b-cool/configure.in
  
 diff -ur thttpd-2.21b/fdwatch.c thttpd-2.21b-cool/fdwatch.c
 --- thttpd-2.21b/fdwatch.c	Fri Apr 13 07:36:08 2001
-+++ thttpd-2.21b-cool/fdwatch.c	Tue Apr 29 00:05:19 2003
++++ thttpd-2.21b-cool/fdwatch.c	Tue May  6 21:13:57 2003
 @@ -419,6 +419,7 @@
      if ( pollfds == (struct pollfd*) 0 || poll_fdidx == (int*) 0 ||
  	 poll_rfdidx == (int*) 0 )
@@ -119,7 +119,7 @@ diff -ur thttpd-2.21b/fdwatch.c thttpd-2.21b-cool/fdwatch.c
      }
 diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
 --- thttpd-2.21b/libhttpd.c	Tue Apr 24 00:42:40 2001
-+++ thttpd-2.21b-cool/libhttpd.c	Tue Apr 29 00:05:46 2003
++++ thttpd-2.21b-cool/libhttpd.c	Tue May  6 21:14:56 2003
 @@ -56,6 +56,10 @@
  #include <unistd.h>
  #include <stdarg.h>
@@ -392,7 +392,17 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
      for (;;)
  	{
  	r = fread( buf, 1, sizeof(buf) - 1, fp );
-@@ -1436,7 +1516,7 @@
+@@ -1336,6 +1416,9 @@
+     if ( hc->tildemapped )
+ 	return 1;
+ 
++    if ( hc->hostname[0] == '.' || strchr( hc->hostname, '/' ) != (char*) 0 )
++	return 0;
++
+     /* Figure out the host directory. */
+ #ifdef VHOST_DIRLEVELS
+     httpd_realloc_str(
+@@ -1436,7 +1519,7 @@
      restlen = strlen( path );
      httpd_realloc_str( &rest, &maxrest, restlen );
      (void) strcpy( rest, path );
@@ -401,7 +411,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
  	rest[--restlen] = '\0';         /* trim trailing slash */
      if ( ! tildemapped )
  	/* Remove any leading slashes. */
-@@ -1603,6 +1683,70 @@
+@@ -1603,6 +1686,70 @@
  
  
  int
@@ -472,7 +482,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
  httpd_get_conn( httpd_server* hs, int listen_fd, httpd_conn* hc )
      {
      httpd_sockaddr sa;
-@@ -1612,6 +1756,7 @@
+@@ -1612,6 +1759,7 @@
  	{
  	hc->read_size = 0;
  	httpd_realloc_str( &hc->read_buf, &hc->read_size, 500 );
@@ -480,7 +490,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
  	hc->maxdecodedurl =
  	    hc->maxorigfilename = hc->maxexpnfilename = hc->maxencodings =
  	    hc->maxpathinfo = hc->maxquery = hc->maxaccept =
-@@ -1631,12 +1776,19 @@
+@@ -1631,12 +1779,19 @@
  	httpd_realloc_str( &hc->reqhost, &hc->maxreqhost, 0 );
  	httpd_realloc_str( &hc->hostdir, &hc->maxhostdir, 0 );
  	httpd_realloc_str( &hc->remoteuser, &hc->maxremoteuser, 0 );
@@ -501,7 +511,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
  
      /* Accept the new connection. */
      sz = sizeof(sa);
-@@ -1657,53 +1809,12 @@
+@@ -1657,53 +1812,12 @@
      hc->hs = hs;
      memset( &hc->client_addr, 0, sizeof(hc->client_addr) );
      memcpy( &hc->client_addr, &sa, sockaddr_len( &sa ) );
@@ -561,7 +571,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
      }
  
  
-@@ -1720,6 +1831,9 @@
+@@ -1720,6 +1834,9 @@
      {
      char c;
  
@@ -571,7 +581,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
      for ( ; hc->checked_idx < hc->read_idx; ++hc->checked_idx )
  	{
  	c = hc->read_buf[hc->checked_idx];
-@@ -1912,8 +2026,11 @@
+@@ -1912,8 +2029,11 @@
  	    eol = strpbrk( protocol, " \t\n\r" );
  	    if ( eol != (char*) 0 )
  		*eol = '\0';
@@ -584,19 +594,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
  	    }
  	}
      /* Check for HTTP/1.1 absolute URL. */
-@@ -2012,6 +2129,11 @@
- 		cp = strchr( hc->hdrhost, ':' );
- 		if ( cp != (char*) 0 )
- 		    *cp = '\0';
-+		if ( hc->hdrhost[0] == '.' || strpbrk( hc->hdrhost, "/\\" ) != 0 )
-+		    {
-+			httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" );
-+			return -1;
-+		    }
- 		}
- 	    else if ( strncasecmp( buf, "Accept:", 7 ) == 0 )
- 		{
-@@ -2129,6 +2251,7 @@
+@@ -2129,6 +2249,7 @@
  		cp = &buf[11];
  		cp += strspn( cp, " \t" );
  		if ( strcasecmp( cp, "keep-alive" ) == 0 )
@@ -604,7 +602,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
  		    hc->keep_alive = 1;
  		}
  #ifdef LOG_UNKNOWN_HEADERS
-@@ -2168,6 +2291,9 @@
+@@ -2168,6 +2289,9 @@
  	    }
  	}
  
@@ -614,7 +612,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
      if ( hc->one_one )
  	{
  	/* Check that HTTP/1.1 requests specify a host, as required. */
-@@ -2177,14 +2303,14 @@
+@@ -2177,14 +2301,14 @@
  	    return -1;
  	    }
  
@@ -636,7 +634,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
  	}
  
      /* Ok, the request has been parsed.  Now we resolve stuff that
-@@ -2349,15 +2475,24 @@
+@@ -2349,15 +2473,24 @@
  
  
  void
@@ -665,7 +663,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
      if ( hc->conn_fd >= 0 )
  	{
  	(void) close( hc->conn_fd );
-@@ -2370,7 +2505,12 @@
+@@ -2370,7 +2503,12 @@
      {
      if ( hc->initialized )
  	{
@@ -679,7 +677,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
  	free( (void*) hc->decodedurl );
  	free( (void*) hc->origfilename );
  	free( (void*) hc->expnfilename );
-@@ -2556,7 +2696,7 @@
+@@ -2556,7 +2694,7 @@
  	return -1;
  	}
  
@@ -688,7 +686,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
      if ( hc->method == METHOD_HEAD )
  	closedir( dirp );
      else if ( hc->method == METHOD_GET )
-@@ -3026,11 +3166,9 @@
+@@ -3026,11 +3164,9 @@
  post_post_garbage_hack( httpd_conn* hc )
      {
      char buf[2];
@@ -702,7 +700,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
      }
  
  
-@@ -3313,6 +3451,11 @@
+@@ -3313,6 +3449,11 @@
      int r;
      ClientData client_data;
  
@@ -714,7 +712,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
      if ( hc->method == METHOD_GET || hc->method == METHOD_POST )
  	{
  	httpd_clear_ndelay( hc->conn_fd );
-@@ -3369,6 +3512,7 @@
+@@ -3369,6 +3510,7 @@
      int expnlen, indxlen;
      char* cp;
      char* pi;
@@ -722,7 +720,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
  
      expnlen = strlen( hc->expnfilename );
  
-@@ -3561,6 +3705,16 @@
+@@ -3561,6 +3703,16 @@
  	 match( hc->hs->cgi_pattern, hc->expnfilename ) )
  	return cgi( hc );
  
@@ -739,7 +737,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
      /* It's not CGI.  If it's executable or there's pathinfo, someone's
      ** trying to either serve or run a non-CGI file as CGI.   Either case
      ** is prohibited.
-@@ -3594,32 +3748,47 @@
+@@ -3594,32 +3746,47 @@
  	hc->end_byte_loc = hc->sb.st_size - 1;
  
      figure_mime( hc );
@@ -793,7 +791,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
  	}
  
      return 0;
-@@ -3638,6 +3807,9 @@
+@@ -3638,6 +3805,9 @@
      return r;
      }
  
@@ -803,7 +801,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
  
  static void
  make_log_entry( httpd_conn* hc, struct timeval* nowP )
-@@ -3648,88 +3820,62 @@
+@@ -3648,88 +3818,62 @@
  
      if ( hc->hs->no_log )
  	return;
@@ -938,7 +936,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
      }
  
  
-@@ -3840,7 +3986,24 @@
+@@ -3840,7 +3984,24 @@
      {
  #ifdef HAVE_GETNAMEINFO
      static char str[200];
@@ -963,9 +961,10 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
      if ( getnameinfo( &saP->sa, sockaddr_len( saP ), str, sizeof(str), 0, 0, NI_NUMERICHOST ) != 0 )
  	{
  	str[0] = '?';
+Only in thttpd-2.21b-cool: libhttpd.c~
 diff -ur thttpd-2.21b/libhttpd.h thttpd-2.21b-cool/libhttpd.h
 --- thttpd-2.21b/libhttpd.h	Tue Apr 24 00:36:50 2001
-+++ thttpd-2.21b-cool/libhttpd.h	Tue Apr 29 00:05:19 2003
++++ thttpd-2.21b-cool/libhttpd.h	Tue May  6 21:13:57 2003
 @@ -69,6 +69,8 @@
      char* server_hostname;
      int port;
@@ -1027,7 +1026,7 @@ diff -ur thttpd-2.21b/libhttpd.h thttpd-2.21b-cool/libhttpd.h
  ** mallocced strings.
 diff -ur thttpd-2.21b/mime_encodings.txt thttpd-2.21b-cool/mime_encodings.txt
 --- thttpd-2.21b/mime_encodings.txt	Wed May 10 03:22:28 2000
-+++ thttpd-2.21b-cool/mime_encodings.txt	Tue Apr 29 00:05:19 2003
++++ thttpd-2.21b-cool/mime_encodings.txt	Tue May  6 21:13:57 2003
 @@ -3,6 +3,6 @@
  # A list of file extensions followed by the corresponding MIME encoding.
  # Extensions not found in the table proceed to the mime_types table.
@@ -1039,7 +1038,7 @@ diff -ur thttpd-2.21b/mime_encodings.txt thttpd-2.21b-cool/mime_encodings.txt
  uu	x-uuencode
 diff -ur thttpd-2.21b/mime_types.txt thttpd-2.21b-cool/mime_types.txt
 --- thttpd-2.21b/mime_types.txt	Sat Apr 14 04:53:30 2001
-+++ thttpd-2.21b-cool/mime_types.txt	Tue Apr 29 00:05:19 2003
++++ thttpd-2.21b-cool/mime_types.txt	Tue May  6 21:13:57 2003
 @@ -1,135 +1,138 @@
 -# mime_types.txt
 -#
@@ -1290,7 +1289,7 @@ diff -ur thttpd-2.21b/mime_types.txt thttpd-2.21b-cool/mime_types.txt
 +ice	x-conference/x-cooltalk
 diff -ur thttpd-2.21b/mmc.c thttpd-2.21b-cool/mmc.c
 --- thttpd-2.21b/mmc.c	Fri Apr 13 23:02:15 2001
-+++ thttpd-2.21b-cool/mmc.c	Tue Apr 29 00:05:19 2003
++++ thttpd-2.21b-cool/mmc.c	Tue May  6 21:13:57 2003
 @@ -70,6 +70,9 @@
      unsigned int hash;
      int hash_idx;
@@ -1393,7 +1392,7 @@ diff -ur thttpd-2.21b/mmc.c thttpd-2.21b-cool/mmc.c
  	else
 diff -ur thttpd-2.21b/mmc.h thttpd-2.21b-cool/mmc.h
 --- thttpd-2.21b/mmc.h	Fri Apr 13 07:36:54 2001
-+++ thttpd-2.21b-cool/mmc.h	Tue Apr 29 00:05:19 2003
++++ thttpd-2.21b-cool/mmc.h	Tue May  6 21:13:57 2003
 @@ -31,8 +31,9 @@
  /* Returns an mmap()ed area for the given file, or (void*) 0 on errors.
  ** If you have a stat buffer on the file, pass it in, otherwise pass 0.
@@ -1407,7 +1406,7 @@ diff -ur thttpd-2.21b/mmc.h thttpd-2.21b-cool/mmc.h
  ** If you have a stat buffer on the file, pass it in, otherwise pass 0.
 diff -ur thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
 --- thttpd-2.21b/thttpd.c	Tue Apr 24 00:41:57 2001
-+++ thttpd-2.21b-cool/thttpd.c	Tue Apr 29 00:05:19 2003
++++ thttpd-2.21b-cool/thttpd.c	Tue May  6 21:13:57 2003
 @@ -53,6 +53,10 @@
  #endif
  #include <unistd.h>
-- 
2.40.0