Posted to cvs@httpd.apache.org by ni...@apache.org on 2009/11/02 23:51:46 UTC
svn commit: r832172 - in /httpd/httpd/trunk: CHANGES server/vhost.c
Author: niq
Date: Mon Nov 2 22:51:45 2009
New Revision: 832172
URL: http://svn.apache.org/viewvc?rev=832172&view=rev
Log:
Vhosts: treating a pure-numeric Host header as a port is nonsense.
PR 44979
Modified:
httpd/httpd/trunk/CHANGES
httpd/httpd/trunk/server/vhost.c
Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=832172&r1=832171&r2=832172&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Nov 2 22:51:45 2009
@@ -10,6 +10,9 @@
mod_proxy_ftp: NULL pointer dereference on error paths.
[Stefan Fritsch <sf fritsch.de>, Joe Orton]
+ *) vhost: A purely-numeric Host: header should not be treated as a port.
+ PR 44979 [Nick Kew]
+
*) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
LDAPReferralHopLimit is explicitly configured.
Modified: httpd/httpd/trunk/server/vhost.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/vhost.c?rev=832172&r1=832171&r2=832172&view=diff
==============================================================================
--- httpd/httpd/trunk/server/vhost.c (original)
+++ httpd/httpd/trunk/server/vhost.c Mon Nov 2 22:51:45 2009
@@ -705,25 +705,27 @@
char *dst;
apr_port_t port;
apr_status_t rv;
+ const char *c;
/* According to RFC 2616, Host header field CAN be blank. */
if (!*r->hostname) {
return;
}
+ /* apr_parse_addr_port will interpret a bare integer as a port
+ * which is incorrect in this context. So treat it separately.
+ */
+ for (c = r->hostname; apr_isdigit(*c); ++c);
+ if (!*c) { /* pure integer */
+ return;
+ }
+
rv = apr_parse_addr_port(&host, &scope_id, &port, r->hostname, r->pool);
if (rv != APR_SUCCESS || scope_id) {
goto bad;
}
- if (!host && port) {
- /* silly looking host ("Host: 123") but that isn't our job
- * here to judge; apr_parse_addr_port() would think we had a port
- * but no address
- */
- host = apr_itoa(r->pool, (int)port);
- }
- else if (port) {
+ if (port) {
/* Don't throw the Host: header's port number away:
save it in parsed_uri -- ap_get_server_port() needs it! */
/* @@@ XXX there should be a better way to pass the port.
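Review bot: The early `return` under `if (!*c)` leaves `r->hostname` exactly as the client sent it and skips `apr_parse_addr_port()` and whatever normalisation or rejection follows it outside this hunk, and the new comment does not say why that is safe for a client-controlled value. I would extend it with something like `/* all digits: no case, path or port characters to normalise, so r->hostname is kept as received */`. The removed branch rebuilt the name with `apr_itoa()`, so a value such as `0080` used to become `80` and now stays `0080`; a digit string that `apr_parse_addr_port()` may previously have refused now presumably passes through as a host name, which is worth a sentence in the comment or the CHANGES entry. The empty-bodied `for (...);` is easy to misread as owning the following `if`; putting `continue;` on its own line would make the intent explicit. The function begins and ends outside the hunk.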