From d57d49d2fdb9e0325e0e35099fb3865717592729 Mon Sep 17 00:00:00 2001
From: "William A. Rowe Jr" <wrowe@apache.org>
Date: Thu, 6 Jul 2017 00:04:41 +0000
Subject: [PATCH] Fix negotiation type parsing to be strict about "*", "*/*"
 and "type/*" comparisons.
MIME-Version: 1.0
Content-Type: text/plain; charset=utf8
Content-Transfer-Encoding: 8bit

Submitted by: wrowe, Robert Święcki <robert swiecki.net>
Backports: r1800917
Reviewed by: wrowe, jim, jchampion



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.4.x@1800956 13f79535-47bb-0310-9956-ffa450edef68
---
 STATUS                            |  6 ------
 modules/mappers/mod_negotiation.c | 11 ++++++++---
 2 files changed, 8 insertions(+), 9 deletions(-)

diff --git a/STATUS b/STATUS
index 6f4ef92edc..1f6f60ab69 100644
--- a/STATUS
+++ b/STATUS
@@ -115,12 +115,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   *) Fix negotiation type parsing to be strict about "*", "*/*" and "type/*"
-      comparisons.
-      Submitted by: wrowe, Robert Święcki <robert swiecki.net>
-      trunk patch: http://svn.apache.org/r1800917
-      +1: wrowe, jim, jchampion
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
diff --git a/modules/mappers/mod_negotiation.c b/modules/mappers/mod_negotiation.c
index b008f5cb1b..1b301fbeab 100644
--- a/modules/mappers/mod_negotiation.c
+++ b/modules/mappers/mod_negotiation.c
@@ -1332,14 +1332,19 @@ static int mime_match(accept_rec *accept_r, var_rec *avail)
     const char *avail_type = avail->mime_type;
     int len = strlen(accept_type);
 
-    if (accept_type[0] == '*') {        /* Anything matches star/star */
+    if ((len == 1 && accept_type[0] == '*')
+            || (len == 3 && !strncmp(accept_type, "*/*", 3))) {
+        /* Anything matches star or star/star */
         if (avail->mime_stars < 1) {
             avail->mime_stars = 1;
         }
         return 1;
     }
-    else if ((accept_type[len - 1] == '*') &&
-             !strncmp(accept_type, avail_type, len - 2)) {
+    else if (len > 2 && accept_type[len - 2] == '/'
+                     && accept_type[len - 1] == '*'
+                     && !strncmp(accept_type, avail_type, len - 2)
+                     && avail_type[len - 2] == '/') {
+        /* Any subtype matches for type/star */
         if (avail->mime_stars < 2) {
             avail->mime_stars = 2;
         }
-- 
2.40.0