-const char parsers_rcs[] = "$Id: parsers.c,v 1.56.2.5 2003/04/14 12:08:16 oes Exp $";
+const char parsers_rcs[] = "$Id: parsers.c,v 1.56.2.7 2003/05/06 12:07:26 oes Exp $";
/*********************************************************************
*
* File : $Source: /cvsroot/ijbswa/current/Attic/parsers.c,v $
*
* Revisions :
* $Log: parsers.c,v $
+ * Revision 1.56.2.7 2003/05/06 12:07:26 oes
+ * Fixed bug #729900: Suspicious HOST: headers are now killed and regenerated if necessary
+ *
+ * Revision 1.56.2.6 2003/04/14 21:28:30 oes
+ * Completing the previous change
+ *
* Revision 1.56.2.5 2003/04/14 12:08:16 oes
* Added temporary workaround for bug in PHP < 4.2.3
*
* Description : Set the content-type for filterable types (text/.*,
* javascript and image/gif) unless filtering has been
* forbidden (CT_TABOO) while parsing earlier headers.
+ * NOTE: Since text/plain is commonly used by web servers
+ * for files whose correct type is unknown, we don't
+ * set CT_TEXT for it.
*
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
{
if (csp->content_type != CT_TABOO)
{
- if (strstr(*header, " text/")
+ if ((strstr(*header, " text/") && !strstr(*header, "plain"))
|| strstr(*header, "application/x-javascript"))
csp->content_type = CT_TEXT;
else if (strstr(*header, " image/gif"))
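Review bot: The added `!strstr(*header, "plain")` test on the `" text/"` branch matches that word anywhere in the header line, not only as the subtype, so a `text/html` response carrying any parameter that contains `plain` is no longer marked `CT_TEXT` and presumably escapes filtering. Because the origin server controls this header, the exclusion should be anchored to the media type, e.g. `!strstr(*header, " text/plain")`, which keeps the intended exception without widening it. Both `strstr` calls are also case-sensitive while media type names are not, which deserves at least a comment if left as is. The enclosing function starts and ends outside the hunk.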
* port information, parse and evaluate the Host
* header field.
*
+ * Also, kill ill-formed HOST: headers as sent by
+ * Apple's iTunes software when used with a proxy.
+ *
* Parameters :
* 1 : csp = Current client state (buffers, headers, etc...)
* 2 : header = On input, pointer to header to modify.
{
char *p, *q;
+ /*
+ * If the header field name is all upper-case, chances are that it's
+ * an ill-formed one from iTunes. BTW, killing innocent headers here is
+ * not a problem -- they are regenerated later.
+ */
+ if ((*header)[1] == 'O')
+ {
+ log_error(LOG_LEVEL_HEADER, "Killed all-caps Host header line: %s", *header);
+ freez(*header);
+ return JB_ERR_OK;
+ }
+
if (!csp->http->hostport || (*csp->http->hostport == '*') ||
*csp->http->hostport == ' ' || *csp->http->hostport == '\0')
{
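Review bot: The guard `(*header)[1] == 'O'` inspects a single byte, while the comment above it promises an all-upper-case field name, so any header routed here whose second character is `O` (a mixed-case `HOst:`, say) is dropped as well. Comparing the whole name, `if (strncmp(*header, "HOST:", 5) == 0)`, would match what the comment and the log message describe. The early `return JB_ERR_OK` also skips the branch below that handles a missing, `*` or empty `csp->http->hostport`; if that branch takes the destination from the Host value (its body is outside the hunk), such requests lose their only host information and "regenerated later" has nothing to regenerate from. Consider running that fallback before freeing the header.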