From ben@scientia.demon.co.uk  Wed Apr 19 21:49:22 2000
Return-Path: <ben@scientia.demon.co.uk>
Received: from scientia.demon.co.uk (scientia.demon.co.uk [212.228.14.13])
	by hub.freebsd.org (Postfix) with ESMTP id 8E32A37BDDD
	for <FreeBSD-gnats-submit@freebsd.org>; Wed, 19 Apr 2000 21:49:16 -0700 (PDT)
	(envelope-from ben@scientia.demon.co.uk)
Received: from strontium.scientia.demon.co.uk ([192.168.91.36] ident=exim)
	by scientia.demon.co.uk with esmtp (Exim 3.12 #1)
	id 12i79T-0000Yp-00 for FreeBSD-gnats-submit@freebsd.org;
	Thu, 20 Apr 2000 03:57:11 +0100
Received: (from ben) by strontium.scientia.demon.co.uk (Exim 3.12 #7)
	id 12i79S-000MaI-00 for FreeBSD-gnats-submit@freebsd.org;
	Thu, 20 Apr 2000 03:57:10 +0100
Message-Id: <E12i79S-000MaI-00@strontium.scientia.demon.co.uk>
Date: Thu, 20 Apr 2000 03:57:10 +0100
From: Ben Smithurst <ben@scientia.demon.co.uk>
Reply-To: ben@scientia.demon.co.uk
To: FreeBSD-gnats-submit@freebsd.org
Subject: fetch(1) sends incorrect 'Host' header for FTP URLs
X-Send-Pr-Version: 3.2

>Number:         18106
>Category:       bin
>Synopsis:       fetch(1) sends incorrect 'Host' header for FTP URLs
>Confidential:   no
>Severity:       non-critical
>Priority:       low
>Responsible:    des
>State:          closed
>Quarter:        
>Keywords:       
>Date-Required:  
>Class:          sw-bug
>Submitter-Id:   current-users
>Arrival-Date:   Wed Apr 19 21:50:00 PDT 2000
>Closed-Date:    Thu Aug 31 07:55:14 PDT 2000
>Last-Modified:  Thu Aug 31 07:55:29 PDT 2000
>Originator:     Ben Smithurst
>Release:        FreeBSD 4.0-STABLE i386
>Organization:
>Environment:

FreeBSD strontium.scientia.demon.co.uk 4.0-STABLE FreeBSD 4.0-STABLE #33: Sat Apr 15 19:48:18 BST 2000     ben@platinum.scientia.demon.co.uk:/usr/src/sys/compile/STRONTIUM  i386

Bug seems present in -current code too.

>Description:

When fetch(1) is downloading an ftp URL via an HTTP proxy, it sends the
Host header with the first character of the hostname missing.  This is
because it assumes the prefix is 7 characters ("http://") when that's
not true for FTP.

This is probably unimportant, as I don't know how much the Host header
matters for FTP (probably not at all), but should probably be fixed
anyway.

>How-To-Repeat:

ben@strontium:~/tmp$ ktrace fetch -o /dev/null ftp://ftp.freebsd.org/ 
...
ben@strontium:~/tmp$ kdump | grep Host:
        Host: tp.freebsd.org\r

>Fix:

Index: http.c
===================================================================
RCS file: /usr/cvs/src/usr.bin/fetch/http.c,v
retrieving revision 1.31
diff -u -r1.31 http.c
--- http.c	2000/03/08 13:02:10	1.31
+++ http.c	2000/04/20 02:53:51
@@ -261,7 +261,10 @@
 
 	if (strncmp(uri, "http://", 7) == 0 || strncmp(uri, "ftp://", 6) == 0) {
 		char *hosthdr;
-		slash = strchr(uri + 7, '/');
+		int plen;
+
+		plen = (uri[0] == 'h')? 7 : 6;
+		slash = strchr(uri + plen, '/');
 		if (slash == 0) {
 			warnx("`%s': malformed `http' URL", uri);
 			rv = EX_USAGE;
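Review bot: `plen = (uri[0] == 'h')? 7 : 6;` infers the prefix length from a single character, which is only correct because the enclosing `strncmp` condition admits exactly "http://" and "ftp://". Setting `plen` from whichever `strncmp` matched would keep the two in step if another scheme is ever added to that condition. The unchanged `warnx` in the trailing context also still reports a malformed `http' URL when the input was an ftp URL; the message could name the scheme actually seen.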
@@ -273,10 +276,9 @@
 			file = safe_strdup(slash);
 		else
 			file = safe_strndup(slash, ques - slash);
-		hosthdr = alloca(sizeof("Host: \r\n") + slash - uri - 7);
-		strcpy(hosthdr, "Host: ");
-		strncat(hosthdr, uri + 7, slash - uri - 7);
-		strcat(hosthdr, "\r\n");
+		hosthdr = alloca(sizeof("Host: \r\n") + slash - uri - plen);
+		sprintf(hosthdr, "Host: %.*s\r\n",
+		  slash - uri - plen, uri + plen);
 		https->http_host_header = safe_strdup(hosthdr);
 	} else {
 		slash = uri;
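Review bot: in the new `sprintf` call the `%.*s` precision argument is `slash - uri - plen`, a pointer difference, while `*` requires an `int`; where the two types differ in size this is a mismatched variadic argument, so pass `(int)(slash - uri - plen)`. The `alloca` size does cover the formatted string and its terminating NUL, but the arithmetic now appears twice (allocation and format) and must stay identical in both places; `snprintf` with the computed size, or building the header directly into the heap copy instead of going through `alloca` and `safe_strdup`, would keep the bound in one place.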

(The previous code looked suspect to me anyway.  As the strncat wouldn't
append a NUL byte, it looked to me as if the strcat following it was
assuming alloca returned zero-filled memory.  Whether that's the case
or not (the man-page doesn't say so, so I'd assume it isn't), it would
seem unwise to rely on it.  I think the sprintf with fixed size %.*s
expansion is probably safer.)

>Release-Note:
>Audit-Trail:
Responsible-Changed-From-To: freebsd-bugs->des 
Responsible-Changed-By: des 
Responsible-Changed-When: Thu Jun 29 03:38:18 PDT 2000 
Responsible-Changed-Why:  
fetch(1) is mine. 

http://www.freebsd.org/cgi/query-pr.cgi?pr=18106 
State-Changed-From-To: open->closed 
State-Changed-By: des 
State-Changed-When: Wed Jul 19 02:25:10 PDT 2000 
State-Changed-Why:  


State-Changed-From-To: closed->open 
State-Changed-By: des 
State-Changed-When: Wed Jul 19 02:25:50 PDT 2000 
State-Changed-Why:  
Closed by mistake. 

State-Changed-From-To: open->closed 
State-Changed-By: des 
State-Changed-When: Thu Aug 31 07:55:14 PDT 2000 
State-Changed-Why:  
Fixed in 4.x and 5.x. 

>Unformatted:
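
The following is an added example, not part of the original PR and not fetch(1) source: a stand-alone reproduction of the Host header truncation described above, next to a version that takes the offset from the matched prefix. The names prefix_len and host_header and the fixed7 switch are hypothetical.

```c
/* Added example; not fetch(1) code. All names here are hypothetical. */
#include <stdio.h>
#include <string.h>

static const char *const prefixes[] = { "http://", "ftp://" };

/* Length of the matching scheme prefix, or 0 if none matches. */
static size_t prefix_len(const char *uri)
{
    for (size_t i = 0; i < sizeof(prefixes) / sizeof(prefixes[0]); i++) {
        size_t n = strlen(prefixes[i]);
        if (strncmp(uri, prefixes[i], n) == 0)
            return n;
    }
    return 0;
}

/*
 * Write "Host: <host>\r\n" into out. With fixed7 != 0 the host starts at
 * uri + 7 (the behaviour reported in the PR); otherwise it starts at the
 * end of the matched prefix. Returns 0 on success, -1 on a malformed URI
 * or when out is too small.
 */
int host_header(const char *uri, int fixed7, char *out, size_t outsz)
{
    size_t plen = prefix_len(uri);
    const char *host, *slash;
    int n;

    /* Reject unknown schemes and an empty remainder (keeps uri + 7 in bounds). */
    if (plen == 0 || uri[plen] == '\0')
        return -1;
    host = uri + (fixed7 ? 7 : plen);
    slash = strchr(host, '/');
    if (slash == NULL)
        return -1;
    /* %.*s takes an int precision, so convert the pointer difference. */
    n = snprintf(out, outsz, "Host: %.*s\r\n", (int)(slash - host), host);
    return (n < 0 || (size_t)n >= outsz) ? -1 : 0;
}

int main(void)
{
    char buf[64];
    const char *uri = "ftp://ftp.freebsd.org/";   /* URL from the PR */

    if (host_header(uri, 1, buf, sizeof(buf)) == 0)
        printf("fixed offset 7: %s", buf);
    if (host_header(uri, 0, buf, sizeof(buf)) == 0)
        printf("matched prefix: %s", buf);
    return 0;
}
```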
