git.ipfire.org Git - thirdparty/squid.git/commit
HTTP/1.1: normalize Host header
author Amos Jeffries <squid3@treenet.co.nz>
Mon, 2 May 2016 06:09:13 +0000 (18:09 +1200)
committer Amos Jeffries <squid3@treenet.co.nz>
Mon, 2 May 2016 06:09:13 +0000 (18:09 +1200)
commit b35bf4e58ca28895b4783eb950abc02f31e51db4
tree 1eb27e77c4dfb667bec80a3b5aff2aafc6706f1e
parent ba5d55c12baa62bc811b6444ee957e7f7d1cf833
HTTP/1.1: normalize Host header

When absolute-URI is provided Host header should be ignored. However some
code still uses Host directly so normalize it using the previously
sanitized URL authority value before doing any further request processing.

For now preserve the case where Host is completely absent. That matters
to the CVE-2009-0801 protection.

This also has the desirable side effect of removing multiple or duplicate
Host header entries.
src/servers/Http1Server.cc
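
The behaviour the commit message describes, as an added C++ sketch that is not Squid's code and not taken from this commit: when the request-target is an absolute-URI, every Host entry is collapsed into one carrying the already-sanitized authority, and a request with no Host header at all is left without one. The names `Header`, `HeaderList`, `isHost`, `countHost` and `normalizeHost` are hypothetical, and the sample request is constructed.

```cpp
#include <algorithm>
#include <cctype>
#include <cstddef>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

using Header = std::pair<std::string, std::string>; // field name, field value
using HeaderList = std::vector<Header>;

// HTTP field names are case-insensitive, so "HOST" and "host" both match.
static bool isHost(const Header &h) {
    static const std::string name = "host";
    return h.first.size() == name.size() &&
           std::equal(h.first.begin(), h.first.end(), name.begin(),
                      [](unsigned char a, unsigned char b) { return std::tolower(a) == b; });
}

std::size_t countHost(const HeaderList &hdrs) {
    return static_cast<std::size_t>(std::count_if(hdrs.begin(), hdrs.end(), isHost));
}

// Hypothetical helper. `authority` is the host[:port] already validated from
// the absolute-URI request-target. Returns true if the list was rewritten.
bool normalizeHost(HeaderList &hdrs, const std::string &authority) {
    if (authority.empty())
        return false; // no absolute-URI authority to normalize against
    auto first = std::find_if(hdrs.begin(), hdrs.end(), isHost);
    if (first == hdrs.end())
        return false; // Host completely absent: left absent, as the commit describes
    first->second = authority; // client-supplied value is discarded
    hdrs.erase(std::remove_if(first + 1, hdrs.end(), isHost), hdrs.end()); // drop duplicates
    return true;
}

int main() {
    // Constructed sample: absolute-URI names one host, Host headers name others.
    HeaderList hdrs = {{"Host", "internal.example"}, {"Accept", "*/*"}, {"HOST", "other.example"}};
    normalizeHost(hdrs, "www.example.com:8080");
    for (const auto &h : hdrs)
        std::cout << h.first << ": " << h.second << "\n";
    return 0;
}
```

Code that later reads Host directly then sees the same authority that URL-based access checks and routing already used, which closes the gap between the two views of the request.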