Improved protection against hostname attacks

2024-11-28 20:34:29 +08:00 · 2003-05-06 19:17:50 +00:00 · 2003-05-06 19:17:50 +00:00 · 33a10b342e
commit 33a10b342e
parent 8c6a712a65
1 changed files with 44 additions and 45 deletions
--- a/sapi/thttpd/thttpd_patch
+++ b/sapi/thttpd/thttpd_patch
@ -1,6 +1,6 @@
 diff -ur thttpd-2.21b/Makefile.in thttpd-2.21b-cool/Makefile.in
 --- thttpd-2.21b/Makefile.in	Thu Mar 29 20:36:21 2001
-+++ thttpd-2.21b-cool/Makefile.in	Tue Apr 29 00:05:19 2003
+++ thttpd-2.21b-cool/Makefile.in	Tue May  6 21:13:57 2003
@@ -46,13 +46,15 @@
 
 # You shouldn't need to edit anything below here.
@ -40,7 +40,7 @@ diff -ur thttpd-2.21b/Makefile.in thttpd-2.21b-cool/Makefile.in
 
 diff -ur thttpd-2.21b/config.h thttpd-2.21b-cool/config.h
 --- thttpd-2.21b/config.h	Mon Apr  9 23:57:36 2001
-+++ thttpd-2.21b-cool/config.h	Tue Apr 29 00:05:19 2003
+++ thttpd-2.21b-cool/config.h	Tue May  6 21:13:57 2003
@@ -82,6 +82,11 @@
 */
 #define IDLE_READ_TIMELIMIT 60
@ -64,7 +64,7 @@ diff -ur thttpd-2.21b/config.h thttpd-2.21b-cool/config.h
 ** index pages for directories that don't have an explicit index file.
 diff -ur thttpd-2.21b/configure thttpd-2.21b-cool/configure
 --- thttpd-2.21b/configure	Sat Apr 21 02:07:14 2001
-+++ thttpd-2.21b-cool/configure	Tue Apr 29 00:05:19 2003
+++ thttpd-2.21b-cool/configure	Tue May  6 21:13:57 2003
@@ -1021,7 +1021,7 @@
 fi
 echo "$ac_t""$CPP" 1>&6
@ -76,7 +76,7 @@ diff -ur thttpd-2.21b/configure thttpd-2.21b-cool/configure
 echo $ac_n "checking for $ac_hdr""... $ac_c" 1>&6
 diff -ur thttpd-2.21b/configure.in thttpd-2.21b-cool/configure.in
 --- thttpd-2.21b/configure.in	Sat Apr 21 02:06:23 2001
-+++ thttpd-2.21b-cool/configure.in	Tue Apr 29 00:05:19 2003
+++ thttpd-2.21b-cool/configure.in	Tue May  6 21:13:57 2003
@@ -64,7 +64,7 @@
 	AC_MSG_RESULT(no)   
 fi
@ -88,7 +88,7 @@ diff -ur thttpd-2.21b/configure.in thttpd-2.21b-cool/configure.in
 
 diff -ur thttpd-2.21b/fdwatch.c thttpd-2.21b-cool/fdwatch.c
 --- thttpd-2.21b/fdwatch.c	Fri Apr 13 07:36:08 2001
-+++ thttpd-2.21b-cool/fdwatch.c	Tue Apr 29 00:05:19 2003
+++ thttpd-2.21b-cool/fdwatch.c	Tue May  6 21:13:57 2003
@@ -419,6 +419,7 @@
     if ( pollfds == (struct pollfd*) 0 || poll_fdidx == (int*) 0 ||
 	 poll_rfdidx == (int*) 0 )
@ -119,7 +119,7 @@ diff -ur thttpd-2.21b/fdwatch.c thttpd-2.21b-cool/fdwatch.c
     }
 diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
 --- thttpd-2.21b/libhttpd.c	Tue Apr 24 00:42:40 2001
-+++ thttpd-2.21b-cool/libhttpd.c	Tue Apr 29 00:05:46 2003
+++ thttpd-2.21b-cool/libhttpd.c	Tue May  6 21:14:56 2003
@@ -56,6 +56,10 @@
 #include <unistd.h>
 #include <stdarg.h>
@ -392,7 +392,17 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
     for (;;)
 	{
 	r = fread( buf, 1, sizeof(buf) - 1, fp );
-@@ -1436,7 +1516,7 @@
+@@ -1336,6 +1416,9 @@
+     if ( hc->tildemapped )
+ 	return 1;
+ 
+    if ( hc->hostname[0] == '.' || strchr( hc->hostname, '/' ) != (char*) 0 )
+	return 0;
+
+     /* Figure out the host directory. */
+ #ifdef VHOST_DIRLEVELS
+     httpd_realloc_str(
+@@ -1436,7 +1519,7 @@
     restlen = strlen( path );
     httpd_realloc_str( &rest, &maxrest, restlen );
     (void) strcpy( rest, path );
@ -401,7 +411,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
 	rest[--restlen] = '\0';         /* trim trailing slash */
     if ( ! tildemapped )
 	/* Remove any leading slashes. */
-@@ -1603,6 +1683,70 @@
+@@ -1603,6 +1686,70 @@
 
 
 int
@ -472,7 +482,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
 httpd_get_conn( httpd_server* hs, int listen_fd, httpd_conn* hc )
     {
     httpd_sockaddr sa;
-@@ -1612,6 +1756,7 @@
+@@ -1612,6 +1759,7 @@
 	{
 	hc->read_size = 0;
 	httpd_realloc_str( &hc->read_buf, &hc->read_size, 500 );
@ -480,7 +490,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
 	hc->maxdecodedurl =
 	    hc->maxorigfilename = hc->maxexpnfilename = hc->maxencodings =
 	    hc->maxpathinfo = hc->maxquery = hc->maxaccept =
-@@ -1631,12 +1776,19 @@
+@@ -1631,12 +1779,19 @@
 	httpd_realloc_str( &hc->reqhost, &hc->maxreqhost, 0 );
 	httpd_realloc_str( &hc->hostdir, &hc->maxhostdir, 0 );
 	httpd_realloc_str( &hc->remoteuser, &hc->maxremoteuser, 0 );
@ -501,7 +511,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
 
     /* Accept the new connection. */
     sz = sizeof(sa);
-@@ -1657,53 +1809,12 @@
+@@ -1657,53 +1812,12 @@
     hc->hs = hs;
     memset( &hc->client_addr, 0, sizeof(hc->client_addr) );
     memcpy( &hc->client_addr, &sa, sockaddr_len( &sa ) );
@ -561,7 +571,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
     }
 
 
-@@ -1720,6 +1831,9 @@
+@@ -1720,6 +1834,9 @@
     {
     char c;
 
@ -571,7 +581,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
     for ( ; hc->checked_idx < hc->read_idx; ++hc->checked_idx )
 	{
 	c = hc->read_buf[hc->checked_idx];
-@@ -1912,8 +2026,11 @@
+@@ -1912,8 +2029,11 @@
 	    eol = strpbrk( protocol, " \t\n\r" );
 	    if ( eol != (char*) 0 )
 		*eol = '\0';
@ -584,19 +594,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
 	    }
 	}
     /* Check for HTTP/1.1 absolute URL. */
-@@ -2012,6 +2129,11 @@
- 		cp = strchr( hc->hdrhost, ':' );
- 		if ( cp != (char*) 0 )
- 		    *cp = '\0';
-+		if ( hc->hdrhost[0] == '.' || strpbrk( hc->hdrhost, "/\\" ) != 0 )
-+		    {
-+			httpd_send_err( hc, 400, httpd_err400title, "", httpd_err400form, "" );
-+			return -1;
-+		    }
- 		}
- 	    else if ( strncasecmp( buf, "Accept:", 7 ) == 0 )
- 		{
-@@ -2129,6 +2251,7 @@
+@@ -2129,6 +2249,7 @@
 		cp = &buf[11];
 		cp += strspn( cp, " \t" );
 		if ( strcasecmp( cp, "keep-alive" ) == 0 )
@ -604,7 +602,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
 		    hc->keep_alive = 1;
 		}
 #ifdef LOG_UNKNOWN_HEADERS
-@@ -2168,6 +2291,9 @@
+@@ -2168,6 +2289,9 @@
 	    }
 	}
 
@ -614,7 +612,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
     if ( hc->one_one )
 	{
 	/* Check that HTTP/1.1 requests specify a host, as required. */
-@@ -2177,14 +2303,14 @@
+@@ -2177,14 +2301,14 @@
 	    return -1;
 	    }
 
@ -636,7 +634,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
 	}
 
     /* Ok, the request has been parsed.  Now we resolve stuff that
-@@ -2349,15 +2475,24 @@
+@@ -2349,15 +2473,24 @@
 
 
 void
@ -665,7 +663,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
     if ( hc->conn_fd >= 0 )
 	{
 	(void) close( hc->conn_fd );
-@@ -2370,7 +2505,12 @@
+@@ -2370,7 +2503,12 @@
     {
     if ( hc->initialized )
 	{
@ -679,7 +677,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
 	free( (void*) hc->decodedurl );
 	free( (void*) hc->origfilename );
 	free( (void*) hc->expnfilename );
-@@ -2556,7 +2696,7 @@
+@@ -2556,7 +2694,7 @@
 	return -1;
 	}
 
@ -688,7 +686,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
     if ( hc->method == METHOD_HEAD )
 	closedir( dirp );
     else if ( hc->method == METHOD_GET )
-@@ -3026,11 +3166,9 @@
+@@ -3026,11 +3164,9 @@
 post_post_garbage_hack( httpd_conn* hc )
     {
     char buf[2];
@ -702,7 +700,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
     }
 
 
-@@ -3313,6 +3451,11 @@
+@@ -3313,6 +3449,11 @@
     int r;
     ClientData client_data;
 
@ -714,7 +712,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
     if ( hc->method == METHOD_GET || hc->method == METHOD_POST )
 	{
 	httpd_clear_ndelay( hc->conn_fd );
-@@ -3369,6 +3512,7 @@
+@@ -3369,6 +3510,7 @@
     int expnlen, indxlen;
     char* cp;
     char* pi;
@ -722,7 +720,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
 
     expnlen = strlen( hc->expnfilename );
 
-@@ -3561,6 +3705,16 @@
+@@ -3561,6 +3703,16 @@
 	 match( hc->hs->cgi_pattern, hc->expnfilename ) )
 	return cgi( hc );
 
@ -739,7 +737,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
     /* It's not CGI.  If it's executable or there's pathinfo, someone's
     ** trying to either serve or run a non-CGI file as CGI.   Either case
     ** is prohibited.
-@@ -3594,32 +3748,47 @@
+@@ -3594,32 +3746,47 @@
 	hc->end_byte_loc = hc->sb.st_size - 1;
 
     figure_mime( hc );
@ -793,7 +791,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
 	}
 
     return 0;
-@@ -3638,6 +3807,9 @@
+@@ -3638,6 +3805,9 @@
     return r;
     }
 
@ -803,7 +801,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
 
 static void
 make_log_entry( httpd_conn* hc, struct timeval* nowP )
-@@ -3648,88 +3820,62 @@
+@@ -3648,88 +3818,62 @@
 
     if ( hc->hs->no_log )
 	return;
@ -938,7 +936,7 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
     }
 
 
-@@ -3840,7 +3986,24 @@
+@@ -3840,7 +3984,24 @@
     {
 #ifdef HAVE_GETNAMEINFO
     static char str[200];
@ -963,9 +961,10 @@ diff -ur thttpd-2.21b/libhttpd.c thttpd-2.21b-cool/libhttpd.c
     if ( getnameinfo( &saP->sa, sockaddr_len( saP ), str, sizeof(str), 0, 0, NI_NUMERICHOST ) != 0 )
 	{
 	str[0] = '?';
+Only in thttpd-2.21b-cool: libhttpd.c~
 diff -ur thttpd-2.21b/libhttpd.h thttpd-2.21b-cool/libhttpd.h
 --- thttpd-2.21b/libhttpd.h	Tue Apr 24 00:36:50 2001
-+++ thttpd-2.21b-cool/libhttpd.h	Tue Apr 29 00:05:19 2003
+++ thttpd-2.21b-cool/libhttpd.h	Tue May  6 21:13:57 2003
@@ -69,6 +69,8 @@
     char* server_hostname;
     int port;
@ -1027,7 +1026,7 @@ diff -ur thttpd-2.21b/libhttpd.h thttpd-2.21b-cool/libhttpd.h
 ** mallocced strings.
 diff -ur thttpd-2.21b/mime_encodings.txt thttpd-2.21b-cool/mime_encodings.txt
 --- thttpd-2.21b/mime_encodings.txt	Wed May 10 03:22:28 2000
-+++ thttpd-2.21b-cool/mime_encodings.txt	Tue Apr 29 00:05:19 2003
+++ thttpd-2.21b-cool/mime_encodings.txt	Tue May  6 21:13:57 2003
@@ -3,6 +3,6 @@
 # A list of file extensions followed by the corresponding MIME encoding.
 # Extensions not found in the table proceed to the mime_types table.
@ -1039,7 +1038,7 @@ diff -ur thttpd-2.21b/mime_encodings.txt thttpd-2.21b-cool/mime_encodings.txt
 uu	x-uuencode
 diff -ur thttpd-2.21b/mime_types.txt thttpd-2.21b-cool/mime_types.txt
 --- thttpd-2.21b/mime_types.txt	Sat Apr 14 04:53:30 2001
-+++ thttpd-2.21b-cool/mime_types.txt	Tue Apr 29 00:05:19 2003
+++ thttpd-2.21b-cool/mime_types.txt	Tue May  6 21:13:57 2003
@@ -1,135 +1,138 @@
 -# mime_types.txt
 -#
@ -1290,7 +1289,7 @@ diff -ur thttpd-2.21b/mime_types.txt thttpd-2.21b-cool/mime_types.txt
 +ice	x-conference/x-cooltalk
 diff -ur thttpd-2.21b/mmc.c thttpd-2.21b-cool/mmc.c
 --- thttpd-2.21b/mmc.c	Fri Apr 13 23:02:15 2001
-+++ thttpd-2.21b-cool/mmc.c	Tue Apr 29 00:05:19 2003
+++ thttpd-2.21b-cool/mmc.c	Tue May  6 21:13:57 2003
@@ -70,6 +70,9 @@
     unsigned int hash;
     int hash_idx;
@ -1393,7 +1392,7 @@ diff -ur thttpd-2.21b/mmc.c thttpd-2.21b-cool/mmc.c
 	else
 diff -ur thttpd-2.21b/mmc.h thttpd-2.21b-cool/mmc.h
 --- thttpd-2.21b/mmc.h	Fri Apr 13 07:36:54 2001
-+++ thttpd-2.21b-cool/mmc.h	Tue Apr 29 00:05:19 2003
+++ thttpd-2.21b-cool/mmc.h	Tue May  6 21:13:57 2003
@@ -31,8 +31,9 @@
 /* Returns an mmap()ed area for the given file, or (void*) 0 on errors.
 ** If you have a stat buffer on the file, pass it in, otherwise pass 0.
@ -1407,7 +1406,7 @@ diff -ur thttpd-2.21b/mmc.h thttpd-2.21b-cool/mmc.h
 ** If you have a stat buffer on the file, pass it in, otherwise pass 0.
 diff -ur thttpd-2.21b/thttpd.c thttpd-2.21b-cool/thttpd.c
 --- thttpd-2.21b/thttpd.c	Tue Apr 24 00:41:57 2001
-+++ thttpd-2.21b-cool/thttpd.c	Tue Apr 29 00:05:19 2003
+++ thttpd-2.21b-cool/thttpd.c	Tue May  6 21:13:57 2003
@@ -53,6 +53,10 @@
 #endif
 #include <unistd.h>