monkee.ch/snac2
1
0
Fork 0
mirror of https://codeberg.org/grunfink/snac2.git synced 2024-11-22 13:25:04 +00:00
Code Issues Projects Releases Packages Wiki Activity

Try to avoid host header misconfigurations in check_signature().

Browse source
This commit is contained in:
default 2024-01-03 09:22:07 +01:00
parent 6bd8aed25d
commit 607335aa74
1 changed files with 13 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

13
http.c
View file

@ -223,6 +223,19 @@ int check_signature(xs_dict *req, xs_str **err)
if (strcmp(v, "(expires)") == 0) { if (strcmp(v, "(expires)") == 0) {
ss = xs_fmt("%s: %s", v, expires); ss = xs_fmt("%s: %s", v, expires);
} }
else
if (strcmp(v, "host") == 0) {
hc = xs_dict_get(req, "host");
/* if there is no host header or some garbage like
address:host has arrived here due to misconfiguration,
signature verify will totally fail, so let's Leroy Jenkins
with the global server hostname instead */
if (hc == NULL || xs_str_in(hc, ":") != -1)
hc = xs_dict_get(srv_config, "host");
ss = xs_fmt("host: %s", hc);
}
else { else {
/* add the header */ /* add the header */
if ((hc = xs_dict_get(req, v)) == NULL) { if ((hc = xs_dict_get(req, v)) == NULL) {