
Bug #1980 » lighttpd-trunk-host-headers.diff

peto, 2009-07-12 19:52


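--- a/request.c
+++ b/request.c
@@ -291,48 +291,6 @@
 		return 0;
 	}
 
-	/* strip absolute URLs
-	 * */
-
-	buffer_copy_string_buffer(con->request.orig_uri, req->uri_raw);
-	if (req->uri_raw->ptr[0] == '/') {
-		buffer_copy_string_buffer(con->request.uri, req->uri_raw);
-	} else if (req->uri_raw->ptr[0] == '*') {
-		if (req->method != HTTP_METHOD_OPTIONS) {
-			con->http_status = 400;
-			return 0;
-		}
-		buffer_copy_string_buffer(con->request.uri, req->uri_raw);
-	} else {
-		/* GET http://www.example.org/foobar */
-		char *sl;
-
-		if (0 != strncmp(BUF_STR(req->uri_raw), "http://", 7)) {
-			con->http_status = 400;
-			return 0;
-		}
-
-		if (NULL == (sl = strchr(BUF_STR(req->uri_raw) + 7, '/'))) {
-			con->http_status = 400;
-			return 0;
-		}
-
-		buffer_copy_string(con->request.uri, sl);
-		buffer_copy_string_len(con->request.http_host, BUF_STR(req->uri_raw) + 7, sl - BUF_STR(req->uri_raw) - 7);
-
-		if (request_check_hostname(con->request.http_host)) {
-			if (srv->srvconf.log_request_header_on_error) {
-				TRACE("Host header is invalid (Status: 400), was %s", SAFE_BUF_STR(con->request.http_host));
-			}
-			con->http_status = 400;
-			con->keep_alive = 0;
-
-			buffer_reset(con->request.http_host);
-
-			return 0;
-		}
-	}
-
 	con->request.http_method = req->method;
 	con->request.http_version = req->protocol;
 
@@ -436,14 +394,6 @@
 				return 0;
 			}
 		} else if (cmp > 0 && 0 == (cmp = buffer_caseless_compare(CONST_BUF_LEN(ds->key), CONST_STR_LEN("Host")))) {
-			if (request_check_hostname(ds->value)) {
-				TRACE("Host header is invalid (Status: 400), was %s", SAFE_BUF_STR(ds->value));
-				con->http_status = 400;
-				con->keep_alive = 0;
-
-				return 0;
-			}
-
 			if (!buffer_is_empty(con->request.http_host) && !buffer_is_equal(con->request.http_host, ds->value)) {
 				TRACE("%s", "Host header is duplicate (Status: 400)");
 				con->http_status = 400;
@@ -497,19 +447,9 @@
 
 	con->header_len = i;
 
-	/* do some post-processing */
-
 	if (con->request.http_version == HTTP_VERSION_1_1) {
-		if (keep_alive_set != HTTP_CONNECTION_CLOSE) {
-			/* no Connection-Header sent */
-
-			/* HTTP/1.1 -> keep-alive default TRUE */
-			con->keep_alive = 1;
-		} else {
-			con->keep_alive = 0;
-		}
-
-		/* RFC 2616, 14.23 */
+		/* RFC 2616, 14.23: all requests MUST have a Host header.  Note that this check is required
+		 * even if the host will be replaced from the Request-URI.  */
 		if (buffer_is_empty(con->request.http_host)) {
 			con->http_status = 400;
 			con->response.keep_alive = 0;
@@ -523,7 +463,50 @@
 			}
 			return 0;
 		}
+	}
+
+	/* strip absolute URLs
+	 * */
+
+	buffer_copy_string_buffer(con->request.orig_uri, req->uri_raw);
+	if (req->uri_raw->ptr[0] == '/') {
+		buffer_copy_string_buffer(con->request.uri, req->uri_raw);
+	} else if (req->uri_raw->ptr[0] == '*') {
+		if (req->method != HTTP_METHOD_OPTIONS) {
+			con->http_status = 400;
+			return 0;
+		}
+		buffer_copy_string_buffer(con->request.uri, req->uri_raw);
 	} else {
+		/* GET http://www.example.org/foobar */
+		char *sl;
+
+		if (0 != strncmp(BUF_STR(req->uri_raw), "http://", 7)) {
+			con->http_status = 400;
+			return 0;
+		}
+
+		if (NULL == (sl = strchr(BUF_STR(req->uri_raw) + 7, '/'))) {
+			con->http_status = 400;
+			return 0;
+		}
+
+		buffer_copy_string(con->request.uri, sl);
+		buffer_copy_string_len(con->request.http_host, BUF_STR(req->uri_raw) + 7, sl - BUF_STR(req->uri_raw) - 7);
+	}
+
+
+	/* do some post-processing */
+	if (con->request.http_version == HTTP_VERSION_1_1) {
+		if (keep_alive_set != HTTP_CONNECTION_CLOSE) {
+			/* no Connection-Header sent */
+
+			/* HTTP/1.1 -> keep-alive default TRUE */
+			con->keep_alive = 1;
+		} else {
+			con->keep_alive = 0;
+		}
+	} else {
 		if (keep_alive_set == HTTP_CONNECTION_KEEPALIVE) {
 			/* no Connection-Header sent */
 
@@ -534,6 +517,20 @@
 		}
 	}
 
+	if (!buffer_is_empty(con->request.http_host)) {
+		if (request_check_hostname(con->request.http_host)) {
+			if (srv->srvconf.log_request_header_on_error) {
+				TRACE("Host header is invalid (Status: 400), was %s", SAFE_BUF_STR(con->request.http_host));
+			}
+			con->http_status = 400;
+			con->keep_alive = 0;
+
+			buffer_reset(con->request.http_host);
+
+			return 0;
+		}
+	}
+
 	switch(con->request.http_method) {
 	case HTTP_METHOD_GET:
 	case HTTP_METHOD_HEAD: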
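Review bot: An absolute Request-URI with an empty authority (for example `http:///path`) is not rejected in the relocated branch at new lines 484-495, and the two checks around it no longer catch it. The RFC 2616 missing-Host test at new line 453 runs before `buffer_copy_string_len` overwrites `con->request.http_host`, and the final validation at new line 520 is skipped whenever that buffer is empty. Assuming a zero-length copy leaves the buffer empty (the helper is not shown here), a request that carried a valid Host header would continue with no host at all and be routed by whatever the default virtual host is. Rejecting the empty authority right after the `strchr` check closes this: `if (sl == BUF_STR(req->uri_raw) + 7) { con->http_status = 400; return 0; }`. The enclosing function begins and ends outside the visible hunks, so any later use of `http_host` could not be checked.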