From: William A. Rowe Jr <wrowe@apache.org>
Date: Thu, 6 Jul 2017 03:32:04 +0000 (+0000)
Subject: Fix negotiation type parsing to be strict about "*", "*/*" and "type/*"
X-Git-Tag: 2.2.34~3
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3f4dfa3fde0643636de48bdda480ba170c897a73;p=thirdparty%2Fapache%2Fhttpd.git

Fix negotiation type parsing to be strict about "*", "*/*" and "type/*"
comparisons.

Submitted by: wrowe, Robert Święcki <robert swiecki.net>
Backports: r1800917
Reviewed by: wrowe, jchampion, ylavic



git-svn-id: https://svn.apache.org/repos/asf/httpd/httpd/branches/2.2.x@1800963 13f79535-47bb-0310-9956-ffa450edef68
---

diff --git a/STATUS b/STATUS
index be0ae30c1e2..4f84c835169 100644
--- a/STATUS
+++ b/STATUS
@@ -104,12 +104,6 @@ RELEASE SHOWSTOPPERS:
 PATCHES ACCEPTED TO BACKPORT FROM TRUNK:
   [ start all new proposals below, under PATCHES PROPOSED. ]
 
-   *) Fix negotiation type parsing to be strict about "*", "*/*" and "type/*"
-      comparisons.
-      Submitted by: wrowe, Robert ÅwiÄcki <robert swiecki.net>
-      trunk patch: http://svn.apache.org/r1800917
-      +1: wrowe, jchampion (inspection), ylavic
-
 
 PATCHES PROPOSED TO BACKPORT FROM TRUNK:
   [ New proposals should be added at the end of the list ]
diff --git a/modules/mappers/mod_negotiation.c b/modules/mappers/mod_negotiation.c
index ef4a72aba93..61bf55e93cf 100644
--- a/modules/mappers/mod_negotiation.c
+++ b/modules/mappers/mod_negotiation.c
@@ -1339,14 +1339,19 @@ static int mime_match(accept_rec *accept_r, var_rec *avail)
     const char *avail_type = avail->mime_type;
     int len = strlen(accept_type);
 
-    if (accept_type[0] == '*') {        /* Anything matches star/star */
+    if ((len == 1 && accept_type[0] == '*')
+            || (len == 3 && !strncmp(accept_type, "*/*", 3))) {
+        /* Anything matches star or star/star */
         if (avail->mime_stars < 1) {
             avail->mime_stars = 1;
         }
         return 1;
     }
-    else if ((accept_type[len - 1] == '*') &&
-             !strncmp(accept_type, avail_type, len - 2)) {
+    else if (len > 2 && accept_type[len - 2] == '/'
+                     && accept_type[len - 1] == '*'
+                     && !strncmp(accept_type, avail_type, len - 2)
+                     && avail_type[len - 2] == '/') {
+        /* Any subtype matches for type/star */
         if (avail->mime_stars < 2) {
             avail->mime_stars = 2;
         }
