Posted to cvs@httpd.apache.org by ni...@apache.org on 2009/11/02 23:51:46 UTC

svn commit: r832172 - in /httpd/httpd/trunk: CHANGES server/vhost.c

Author: niq
Date: Mon Nov  2 22:51:45 2009
New Revision: 832172

URL: http://svn.apache.org/viewvc?rev=832172&view=rev
Log:
Vhosts: treating a pure-numeric Host header as a port is nonsense.
PR 44979

Modified:
    httpd/httpd/trunk/CHANGES
    httpd/httpd/trunk/server/vhost.c

Modified: httpd/httpd/trunk/CHANGES
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/CHANGES?rev=832172&r1=832171&r2=832172&view=diff
==============================================================================
--- httpd/httpd/trunk/CHANGES [utf-8] (original)
+++ httpd/httpd/trunk/CHANGES [utf-8] Mon Nov  2 22:51:45 2009
@@ -10,6 +10,9 @@
      mod_proxy_ftp: NULL pointer dereference on error paths.
      [Stefan Fritsch <sf fritsch.de>, Joe Orton]
 
+  *) vhost: A purely-numeric Host: header should not be treated as a port.
+     PR 44979 [Nick Kew]
+
   *) mod_ldap: Avoid 500 errors with "Unable to set LDAP_OPT_REFHOPLIMIT option to 5"
      when built against openldap by using SDK LDAP_OPT_REFHOPLIMIT defaults unless
      LDAPReferralHopLimit is explicitly configured.
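
Review bot: The new vhost entry says what no longer happens but not what happens instead, so a reader of CHANGES cannot tell whether a purely numeric Host: is now rejected or accepted. Going by the vhost.c change in this same commit, the value is left unchanged and accepted as the hostname; wording such as "is now treated as a hostname, not as a port" would make that explicit.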

Modified: httpd/httpd/trunk/server/vhost.c
URL: http://svn.apache.org/viewvc/httpd/httpd/trunk/server/vhost.c?rev=832172&r1=832171&r2=832172&view=diff
==============================================================================
--- httpd/httpd/trunk/server/vhost.c (original)
+++ httpd/httpd/trunk/server/vhost.c Mon Nov  2 22:51:45 2009
@@ -705,25 +705,27 @@
     char *dst;
     apr_port_t port;
     apr_status_t rv;
+    const char *c;
 
     /* According to RFC 2616, Host header field CAN be blank. */
     if (!*r->hostname) {
         return;
     }
 
+    /* apr_parse_addr_port will interpret a bare integer as a port
+     * which is incorrect in this context.  So treat it separately.
+     */
+    for (c = r->hostname; apr_isdigit(*c); ++c);
+    if (!*c) {  /* pure integer */
+        return;
+    }
+
     rv = apr_parse_addr_port(&host, &scope_id, &port, r->hostname, r->pool);
     if (rv != APR_SUCCESS || scope_id) {
         goto bad;
     }
 
-    if (!host && port) {
-        /* silly looking host ("Host: 123") but that isn't our job
-         * here to judge; apr_parse_addr_port() would think we had a port
-         * but no address
-         */
-        host = apr_itoa(r->pool, (int)port);
-    }
-    else if (port) {
+    if (port) {
         /* Don't throw the Host: header's port number away:
            save it in parsed_uri -- ap_get_server_port() needs it! */
         /* @@@ XXX there should be a better way to pass the port.
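
Review bot: The `if (!*c) return;` added ahead of apr_parse_addr_port() also sits ahead of the `rv != APR_SUCCESS || scope_id` check, so an all-digit Host: of any length or value now returns with r->hostname untouched and can never reach `bad`, including any digit string on which the parser would have returned an error. If accepting every such value is intended, say so in the new comment; if not, bound the digit run or route it to `bad` instead of returning. Separately, the empty-bodied `for (c = r->hostname; apr_isdigit(*c); ++c);` is easy to misread as guarding the `if` below it; an explicit `continue;` body or braces would make the intent clear.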