Source-Changes-HG archive


[src/trunk]: src/libexec/httpd Fixed off-by-one in virtualhost processing. Pr...



details:   https://anonhg.NetBSD.org/src/rev/5a5a70f6257f
branches:  trunk
changeset: 333898:5a5a70f6257f
user:      shm <shm%NetBSD.org@localhost>
date:      Fri Nov 21 08:54:12 2014 +0000

description:
Fixed off-by-one in virtualhost processing. Previous code was checking if
Host header is a prefix of any existing vhost. This behaviour might be used to
uncover existing virtual hosts from the remote.

OK @mrg

diffstat:

 libexec/httpd/bozohttpd.c |  6 +++---
 1 files changed, 3 insertions(+), 3 deletions(-)

diffs (20 lines):

diff -r a37896039523 -r 5a5a70f6257f libexec/httpd/bozohttpd.c
--- a/libexec/httpd/bozohttpd.c Fri Nov 21 06:03:04 2014 +0000
+++ b/libexec/httpd/bozohttpd.c Fri Nov 21 08:54:12 2014 +0000
@@ -1,4 +1,4 @@
-/*     $NetBSD: bozohttpd.c,v 1.57 2014/10/10 05:10:59 mrg Exp $       */
+/*     $NetBSD: bozohttpd.c,v 1.58 2014/11/21 08:54:12 shm Exp $       */
 
 /*     $eterna: bozohttpd.c,v 1.178 2011/11/18 09:21:15 mrg Exp $      */
 
@@ -1093,8 +1093,8 @@
                                }
                                debug((httpd, DEBUG_OBESE, "looking at dir``%s''",
                                   d->d_name));
-                               if (strncasecmp(d->d_name, request->hr_host,
-                                   len) == 0) {
+                               if (d->d_namlen == len && strcmp(d->d_name,
+                                   request->hr_host) == 0) {
                                        /* found it, punch it */
                                        debug((httpd, DEBUG_OBESE, "found it punch it"));
                                        request->hr_virthostname =
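
Review bot: the new condition `d->d_namlen == len && strcmp(d->d_name, request->hr_host) == 0` drops the case-insensitivity that the removed `strncasecmp` call had. Host names compare case-insensitively, so unless `request->hr_host` is lowercased before this point (not visible in this hunk), a Host header that differs from the vhost directory name only in letter case will no longer match. Keeping the `d->d_namlen == len` check and using `strcasecmp(d->d_name, request->hr_host)` would close the prefix match without changing case handling. The check also relies on `len` being the length of `request->hr_host`, as its use in the removed call suggests; a short comment stating that would help, since the assignment is outside the visible context.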


