Re: BUG: http_vhost.c:fix_hostname
On Sat, 2002-06-22 at 13:56, Perry Harrington wrote: There is a bug in fix_hostname. The comment above function says that the hostname is lowercased, but it's not. the line which reads: *dst++ = *src++; ... should read: *dst++ = tolower(*src++); Thanks, I'll commit a change to convert to lowercase. All the virtual hosting code that uses r-hostname is case-insensitive, but IMHO it's better to normalize the case early to avoid surprising anyone who later tries to write, for example, a custom vhosting module based on a case-sensitive hash table. --Brian
Re: BUG: http_vhost.c:fix_hostname
Brian Pane wrote: On Sat, 2002-06-22 at 13:56, Perry Harrington wrote: There is a bug in fix_hostname. The comment above function says that the hostname is lowercased, but it's not. the line which reads: *dst++ = *src++; ... should read: *dst++ = tolower(*src++); Thanks, I'll commit a change to convert to lowercase. All the virtual hosting code that uses r-hostname is case-insensitive, but IMHO it's better to normalize the case early to avoid surprising anyone who later tries to write, for example, a custom vhosting module based on a case-sensitive hash table. The patch is needed, but I'm afraid it will be a bad idea to insert ++ into tolower(), since under some platforms it is a macro (AND NOT A FUNCTION!) defined by ctype.h, with more than 1 instance of the parameter, so src ends up being incremented by 2, or 3, or even 4. Maybe the following will be better: *dst++ = tolower(*src); ++src; -- Eli Marmor [EMAIL PROTECTED] CTO, Founder Netmask (El-Mar) Internet Technologies Ltd. __ Tel.: +972-9-766-1020 8 Yad-Harutzim St. Fax.: +972-9-766-1314 P.O.B. 7004 Mobile: +972-50-23-7338 Kfar-Saba 44641, Israel
Re: BUG: http_vhost.c:fix_hostname
On Sun, 2002-06-23 at 01:18, Eli Marmor wrote:
Brian Pane wrote:
On Sat, 2002-06-22 at 13:56, Perry Harrington wrote:
There is a bug in fix_hostname. The comment above function says that the
hostname
is lowercased, but it's not.
the line which reads:
*dst++ = *src++;
...
should read:
*dst++ = tolower(*src++);
Thanks, I'll commit a change to convert to lowercase. All the virtual
hosting code that uses r-hostname is case-insensitive, but IMHO it's
better to normalize the case early to avoid surprising anyone who later
tries to write, for example, a custom vhosting module based on a
case-sensitive hash table.
The patch is needed, but I'm afraid it will be a bad idea to insert
++ into tolower(), since under some platforms it is a macro (AND NOT
A FUNCTION!) defined by ctype.h, with more than 1 instance of the
parameter, so src ends up being incremented by 2, or 3, or even 4.
Maybe the following will be better:
*dst++ = tolower(*src);
++src;
The change that I committed for this actually looks like:
else if (apr_isalpha(*dst)) {
*dst = apr_tolower(*dst);
}
so it's safe.
But now that you mention it, ap_strcasestr() is vulnerable
to the multiple-increment problem. Fortunately, it's not
actually used anywhere in the core server--and there's probably
no reason to start using it now that apr_strmatch() is available--
but I'll fix the ap_strcasestr() code just in case any third
party modules depend on it.
--Brian
BUG: http_vhost.c:fix_hostname
There is a bug in fix_hostname. The comment above function says that the hostname
is lowercased, but it's not.
the line which reads:
*dst++ = *src++;
in context of:
goto bad;
else
break;
}
*dst++ = *src++;
}
/* strip trailing gubbins */
if (dst host dst[-1] == '.') {
dst[-1] = '\0';
} else {
should read:
*dst++ = tolower(*src++);
Thanks,
--Perry
--
Perry Harrington Director ofzelur xuniL ()
perry at webcom dot com System ArchitectureThink Blue. /\
Those who would give up essential liberty to purchase a little temporary safety
deserve neither liberty or safety. Nor, are they likely to end up with either.
-- Benjamin Franklin
