mirror of
https://codeberg.org/grunfink/snac2.git
synced 2024-09-19 18:00:23 +03:00
Try to avoid host header misconfigurations in check_signature().
parent
6bd8aed25d
commit
607335aa74
13
http.c
13
http.c
@ -223,6 +223,19 @@ int check_signature(xs_dict *req, xs_str **err)
|
||||
if (strcmp(v, "(expires)") == 0) {
|
||||
ss = xs_fmt("%s: %s", v, expires);
|
||||
}
|
||||
else
|
||||
if (strcmp(v, "host") == 0) {
|
||||
hc = xs_dict_get(req, "host");
|
||||
|
||||
/* if there is no host header or some garbage like
|
||||
address:host has arrived here due to misconfiguration,
|
||||
signature verify will totally fail, so let's Leroy Jenkins
|
||||
with the global server hostname instead */
|
||||
if (hc == NULL || xs_str_in(hc, ":") != -1)
|
||||
hc = xs_dict_get(srv_config, "host");
|
||||
|
||||
ss = xs_fmt("host: %s", hc);
|
||||
}
|
||||
else {
|
||||
/* add the header */
|
||||
if ((hc = xs_dict_get(req, v)) == NULL) {
|
||||
|
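Review bot: The new `host` branch rebuilds the signing string from `xs_dict_get(srv_config, "host")` whenever the request's Host value is missing or contains `:`, so what gets verified is no longer the value the request carried, and the substitution is silent. A signature will still only verify if the sender signed this server's configured name, but any code outside this hunk that reads `req`'s host after a successful check should not assume that value was covered by the signature. The `:` test also catches a legitimate `name:port` Host, and the fallback result goes to `xs_fmt("host: %s", hc)` without the NULL check that the generic branch just below applies to its own lookup. I would log the substitution at debug level, check `hc` again after the fallback, and extend the comment with something like `/* the host verified here may be the configured one, not the request's */`. check_signature() starts and ends outside this hunk, so the error path a NULL guard would take is not visible here.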