Date: Thu, 20 Apr 2000 03:57:10 +0100 From: Ben Smithurst <ben@scientia.demon.co.uk> To: FreeBSD-gnats-submit@freebsd.org Subject: bin/18106: fetch(1) sends incorrect 'Host' header for FTP URLs Message-ID: <E12i79S-000MaI-00@strontium.scientia.demon.co.uk>
next in thread | raw e-mail | index | archive | help
>Number: 18106 >Category: bin >Synopsis: fetch(1) sends incorrect 'Host' header for FTP URLs >Confidential: no >Severity: non-critical >Priority: low >Responsible: freebsd-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: sw-bug >Submitter-Id: current-users >Arrival-Date: Wed Apr 19 21:50:00 PDT 2000 >Closed-Date: >Last-Modified: >Originator: Ben Smithurst >Release: FreeBSD 4.0-STABLE i386 >Organization: >Environment: FreeBSD strontium.scientia.demon.co.uk 4.0-STABLE FreeBSD 4.0-STABLE #33: Sat Apr 15 19:48:18 BST 2000 ben@platinum.scientia.demon.co.uk:/usr/src/sys/compile/STRONTIUM i386 bug seems present in -current code too. >Description: When fetch(1) is downloading an ftp URL via an HTTP proxy, it sends the Host header with the first character of the hostname missing. This is because it assumes the prefix is 7 characters ("http://") when that's not true for FTP. This is probably unimportant, as I don't know how much the Host header matters for FTP (probably not at all), but should probably be fixed anyway. >How-To-Repeat: ben@strontium:~/tmp$ ktrace fetch -o /dev/null ftp://ftp.freebsd.org/ ... ben@strontium:~/tmp$ kdump | grep Host: Host: tp.freebsd.org\r >Fix: Index: http.c =================================================================== RCS file: /usr/cvs/src/usr.bin/fetch/http.c,v retrieving revision 1.31 diff -u -r1.31 http.c --- http.c 2000/03/08 13:02:10 1.31 +++ http.c 2000/04/20 02:53:51 @@ -261,7 +261,10 @@ if (strncmp(uri, "http://", 7) == 0 || strncmp(uri, "ftp://", 6) == 0) { char *hosthdr; - slash = strchr(uri + 7, '/'); + int plen; + + plen = (uri[0] == 'h')? 7 : 6; + slash = strchr(uri + plen, '/'); if (slash == 0) { warnx("`%s': malformed `http' URL", uri); rv = EX_USAGE; @@ -273,10 +276,9 @@ file = safe_strdup(slash); else file = safe_strndup(slash, ques - slash); - hosthdr = alloca(sizeof("Host: \r\n") + slash - uri - 7); - strcpy(hosthdr, "Host: "); - strncat(hosthdr, uri + 7, slash - uri - 7); - strcat(hosthdr, "\r\n"); + hosthdr = alloca(sizeof("Host: \r\n") + slash - uri - plen); + sprintf(hosthdr, "Host: %.*s\r\n", + slash - uri - plen, uri + plen); https->http_host_header = safe_strdup(hosthdr); } else { slash = uri; (The previous code looked suspect to me anyway. As the strncat wouldn't append a NUL byte, it looked to me as if the strcat following it was assuming alloca returned zero-filled memory. Whether that's the case or not (the man-page doesn't say so, so I'd assume it isn't), it would seem unwise to rely on it. I think the sprintf with fixed size %.*s expansion is probably safer.) >Release-Note: >Audit-Trail: >Unformatted: To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-bugs" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?E12i79S-000MaI-00>