From owner-freebsd-bugs Wed Apr 19 21:50: 9 2000
Delivered-To: freebsd-bugs@freebsd.org
Received: from freefall.freebsd.org (freefall.FreeBSD.ORG [204.216.27.21]) by hub.freebsd.org (Postfix) with ESMTP id C57DF37BD90 for ; Wed, 19 Apr 2000 21:50:03 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: (from gnats@localhost) by freefall.freebsd.org (8.9.3/8.9.2) id VAA93582; Wed, 19 Apr 2000 21:50:01 -0700 (PDT) (envelope-from gnats@FreeBSD.org)
Received: from scientia.demon.co.uk (scientia.demon.co.uk [212.228.14.13]) by hub.freebsd.org (Postfix) with ESMTP id 8E32A37BDDD for ; Wed, 19 Apr 2000 21:49:16 -0700 (PDT) (envelope-from ben@scientia.demon.co.uk)
Received: from strontium.scientia.demon.co.uk ([192.168.91.36] ident=exim) by scientia.demon.co.uk with esmtp (Exim 3.12 #1) id 12i79T-0000Yp-00 for FreeBSD-gnats-submit@freebsd.org; Thu, 20 Apr 2000 03:57:11 +0100
Received: (from ben) by strontium.scientia.demon.co.uk (Exim 3.12 #7) id 12i79S-000MaI-00 for FreeBSD-gnats-submit@freebsd.org; Thu, 20 Apr 2000 03:57:10 +0100
Message-Id:
Date: Thu, 20 Apr 2000 03:57:10 +0100
From: Ben Smithurst
Reply-To: ben@scientia.demon.co.uk
To: FreeBSD-gnats-submit@freebsd.org
X-Send-Pr-Version: 3.2
Subject: bin/18106: fetch(1) sends incorrect 'Host' header for FTP URLs
Sender: owner-freebsd-bugs@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

>Number: 18106
>Category: bin
>Synopsis: fetch(1) sends incorrect 'Host' header for FTP URLs
>Confidential: no
>Severity: non-critical
>Priority: low
>Responsible: freebsd-bugs
>State: open
>Quarter:
>Keywords:
>Date-Required:
>Class: sw-bug
>Submitter-Id: current-users
>Arrival-Date: Wed Apr 19 21:50:00 PDT 2000
>Closed-Date:
>Last-Modified:
>Originator: Ben Smithurst
>Release: FreeBSD 4.0-STABLE i386
>Organization:
>Environment:
FreeBSD strontium.scientia.demon.co.uk 4.0-STABLE FreeBSD 4.0-STABLE #33: Sat Apr 15 19:48:18 BST 2000 ben@platinum.scientia.demon.co.uk:/usr/src/sys/compile/STRONTIUM i386

bug seems present in -current code too.

>Description:
When fetch(1) is downloading an ftp URL via an HTTP proxy, it sends the Host header with the first character of the hostname missing. This is because it assumes the prefix is 7 characters ("http://") when that's not true for FTP. This is probably unimportant, as I don't know how much the Host header matters for FTP (probably not at all), but should probably be fixed anyway.

>How-To-Repeat:
ben@strontium:~/tmp$ ktrace fetch -o /dev/null ftp://ftp.freebsd.org/
...
ben@strontium:~/tmp$ kdump | grep Host:
Host: tp.freebsd.org\r

>Fix:
Index: http.c =================================================================== RCS file: /usr/cvs/src/usr.bin/fetch/http.c,v retrieving revision 1.31 diff -u -r1.31 http.c --- http.c 2000/03/08 13:02:10 1.31 +++ http.c 2000/04/20 02:53:51 
@@ -261,7 +261,10 @@ if (strncmp(uri, "http://", 7) == 0 || strncmp(uri, "ftp://", 6) == 0) { char *hosthdr; - slash = strchr(uri + 7, '/'); + int plen; + + plen = (uri[0] == 'h')? 7 : 6; + slash = strchr(uri + plen, '/'); if (slash == 0) { warnx("`%s': malformed `http' URL", uri); rv = EX_USAGE; @@ -273,10 +276,9 @@ file = safe_strdup(slash); else file = safe_strndup(slash, ques - slash); - hosthdr = alloca(sizeof("Host: \r\n") + slash - uri - 7); - strcpy(hosthdr, "Host: "); - strncat(hosthdr, uri + 7, slash - uri - 7); - strcat(hosthdr, "\r\n"); + hosthdr = alloca(sizeof("Host: \r\n") + slash - uri - plen); + sprintf(hosthdr, "Host: %.*s\r\n", + slash - uri - plen, uri + plen); https->http_host_header = safe_strdup(hosthdr); } else { slash = uri;

(The previous code looked suspect to me anyway. As the strncat wouldn't append a NUL byte, it looked to me as if the strcat following it was assuming alloca returned zero-filled memory. Whether that's the case or not (the man-page doesn't say so, so I'd assume it isn't), it would seem unwise to rely on it. I think the sprintf with fixed size %.*s expansion is probably safer.)

>Release-Note:
>Audit-Trail:
>Unformatted:
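
Review bot: In the first hunk (@@ -261), plen = (uri[0] == 'h')? 7 : 6; infers the prefix length from the first character of the URI rather than from which strncmp() in the enclosing condition matched. It is correct only because that condition has already restricted uri to the two prefixes; setting plen from the comparison that succeeded, or from the length of the matched literal, would keep the offset tied to the prefix if another scheme is ever added to the condition. The unchanged warnx() in the same hunk still says malformed `http' URL when the input was an ftp:// URL, so the message could be made scheme-neutral in this change as well.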
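
Review bot: In the second hunk (@@ -273), the precision argument passed for %.*s is slash - uri - plen, a pointer difference (ptrdiff_t), while the * in the format requires an int. The two types coincide on i386, but on a platform where ptrdiff_t is wider than int the variadic call is undefined, so cast the argument: (int)(slash - uri - plen). The alloca() size matches the formatted length exactly, since sizeof("Host: \r\n") counts the terminating NUL, so the sprintf() does fit; using snprintf() with that same computed size would make the bound explicit in the code instead of relying on the two expressions staying in step.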