Date: Thu, 20 Apr 2000 03:57:10 +0100
From: Ben Smithurst <ben@scientia.demon.co.uk>
To: FreeBSD-gnats-submit@freebsd.org
Subject: bin/18106: fetch(1) sends incorrect 'Host' header for FTP URLs
Message-ID: <E12i79S-000MaI-00@strontium.scientia.demon.co.uk>
>Number: 18106
>Category: bin
>Synopsis: fetch(1) sends incorrect 'Host' header for FTP URLs
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Apr 19 21:50:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Ben Smithurst
>Release: FreeBSD 4.0-STABLE i386
>Organization:
>Environment:
FreeBSD strontium.scientia.demon.co.uk 4.0-STABLE FreeBSD 4.0-STABLE #33: Sat Apr 15 19:48:18 BST 2000 ben@platinum.scientia.demon.co.uk:/usr/src/sys/compile/STRONTIUM i386
bug seems present in -current code too.
>Description:
When fetch(1) is downloading an ftp URL via an HTTP proxy, it sends the
Host header with the first character of the hostname missing. This is
because it assumes the prefix is 7 characters ("http://") when that's
not true for FTP.
This is probably unimportant, as I don't know how much the Host header
matters for FTP (probably not at all), but should probably be fixed
anyway.
>How-To-Repeat:
ben@strontium:~/tmp$ ktrace fetch -o /dev/null ftp://ftp.freebsd.org/
...
ben@strontium:~/tmp$ kdump | grep Host:
Host: tp.freebsd.org\r
>Fix:
Index: http.c
===================================================================
RCS file: /usr/cvs/src/usr.bin/fetch/http.c,v
retrieving revision 1.31
diff -u -r1.31 http.c
--- http.c 2000/03/08 13:02:10 1.31
+++ http.c 2000/04/20 02:53:51
@@ -261,7 +261,10 @@
if (strncmp(uri, "http://", 7) == 0 || strncmp(uri, "ftp://", 6) == 0) {
char *hosthdr;
- slash = strchr(uri + 7, '/');
+ int plen;
+
+ plen = (uri[0] == 'h')? 7 : 6;
+ slash = strchr(uri + plen, '/');
if (slash == 0) {
warnx("`%s': malformed `http' URL", uri);
rv = EX_USAGE;
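Review bot: the prefix length in "plen = (uri[0] == 'h')? 7 : 6;" is inferred from the first character alone, which is correct only because the enclosing strncmp test has already limited the URI to "http://" or "ftp://". If another scheme is ever added to that condition it will silently get 6. Setting plen from the comparison that actually matched (sizeof("http://") - 1 in one branch, sizeof("ftp://") - 1 in the other) keeps the two in step and removes the magic numbers. The warnx in the trailing context still reports a malformed `http' URL when the URI is an FTP one; the message should name the scheme that was given.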
@@ -273,10 +276,9 @@
file = safe_strdup(slash);
else
file = safe_strndup(slash, ques - slash);
- hosthdr = alloca(sizeof("Host: \r\n") + slash - uri - 7);
- strcpy(hosthdr, "Host: ");
- strncat(hosthdr, uri + 7, slash - uri - 7);
- strcat(hosthdr, "\r\n");
+ hosthdr = alloca(sizeof("Host: \r\n") + slash - uri - plen);
+ sprintf(hosthdr, "Host: %.*s\r\n",
+ slash - uri - plen, uri + plen);
https->http_host_header = safe_strdup(hosthdr);
} else {
slash = uri;
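Review bot: in the new sprintf call the precision argument for %.*s, "slash - uri - plen", has type ptrdiff_t, but %.*s requires an int; where the two types differ in size this is undefined behaviour. Cast it, for example (int)(slash - uri - plen). Separately, hosthdr is still an alloca buffer whose size follows the length of the URI given on the command line, and its contents are copied straight into safe_strdup on the next line. Allocating the final buffer directly and filling it with snprintf bounded by that size would avoid an input-sized stack allocation and would not depend on the size arithmetic staying in agreement with the format string.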
(The previous code looked suspect to me anyway. As the strncat wouldn't
append a NUL byte, it looked to me as if the strcat following it was
assuming alloca returned zero-filled memory. Whether that's the case
or not (the man-page doesn't say so, so I'd assume it isn't), it would
seem unwise to rely on it. I think the sprintf with fixed size %.*s
expansion is probably safer.)
>Release-Note:
>Audit-Trail:
>Unformatted:
