diff options
| author | Leah Neukirchen <leah@vuxu.org> | 2020-05-08 19:11:25 +0200 |
|---|---|---|
| committer | Leah Neukirchen <leah@vuxu.org> | 2020-05-08 19:11:25 +0200 |
| commit | 14e556b2644efa5731a25a69c843cfbb52334b29 (patch) | |
| tree | 8be4b77933a487428c159fdbeb04bf5c86e7c170 | |
| parent | c27312b4b3f091f2fc189a8aa5c55182a62d4fb5 (diff) | |
| download | hittpd-14e556b2644efa5731a25a69c843cfbb52334b29.tar.gz hittpd-14e556b2644efa5731a25a69c843cfbb52334b29.tar.xz hittpd-14e556b2644efa5731a25a69c843cfbb52334b29.zip | |
for vhost, detect Host: . and empty Host:
Thanks @duncaen.
| -rw-r--r-- | hittpd.c | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/hittpd.c b/hittpd.c index 7b97042..09c89d8 100644 --- a/hittpd.c +++ b/hittpd.c @@ -543,7 +543,7 @@ on_message_complete(http_parser *p) { *s = tolower(*s); *s = 0; } - if (strstr(host, "..")) { + if (!*host || *host == '.' || strstr(host, "..")) { send_error(p, 403, "Forbidden"); return 0; } |