Bug 18106

Summary: fetch(1) sends incorrect 'Host' header for FTP URLs
Product: Base System Reporter: Ben Smithurst <ben>
Component: binAssignee: Dag-Erling Smørgrav <des>
Status: Closed FIXED    
Severity: Affects Only Me    
Priority: Normal    
Version: 4.0-STABLE   
Hardware: Any   
OS: Any   

Description Ben Smithurst 2000-04-20 05:50:00 UTC 
When fetch(1) is downloading an ftp URL via an HTTP proxy, it sends the
Host header with the first character of the hostname missing.  This is
because it assumes the prefix is 7 characters ("http://") when that's
not true for FTP.

This is probably unimportant, as I don't know how much the Host header
matters for FTP (probably not at all), but should probably be fixed
anyway.

Fix: 

(The previous code looked suspect to me anyway.  As the strncat wouldn't
append a NUL byte, it looked to me as if the strcat following it was
assuming alloca returned zero-filled memory.  Whether that's the case
or not (the man-page doesn't say so, so I'd assume it isn't), it would
seem unwise to rely on it.  I think the sprintf with fixed size %.*s
expansion is probably safer.)--9RSqLmUERRXDy2GQHS8tagYk8FCKNnETvq8o0iB6htHJTUAB
Content-Type: text/plain; name="file.diff"
Content-Transfer-Encoding: 7bit
Content-Disposition: attachment; filename="file.diff"

Index: http.c
===================================================================
RCS file: /usr/cvs/src/usr.bin/fetch/http.c,v
retrieving revision 1.31
diff -u -r1.31 http.c
--- http.c	2000/03/08 13:02:10	1.31
+++ http.c	2000/04/20 02:53:51
@@ -261,7 +261,10 @@
 
 	if (strncmp(uri, "http://", 7) == 0 || strncmp(uri, "ftp://", 6) == 0) {
 		char *hosthdr;
-		slash = strchr(uri + 7, '/');
+		int plen;
+
+		plen = (uri[0] == 'h')? 7 : 6;
+		slash = strchr(uri + plen, '/');
 		if (slash == 0) {
 			warnx("`%s': malformed `http' URL", uri);
 			rv = EX_USAGE;
@@ -273,10 +276,9 @@
 			file = safe_strdup(slash);
 		else
 			file = safe_strndup(slash, ques - slash);
-		hosthdr = alloca(sizeof("Host: \r\n") + slash - uri - 7);
-		strcpy(hosthdr, "Host: ");
-		strncat(hosthdr, uri + 7, slash - uri - 7);
-		strcat(hosthdr, "\r\n");
+		hosthdr = alloca(sizeof("Host: \r\n") + slash - uri - plen);
+		sprintf(hosthdr, "Host: %.*s\r\n",
+		  slash - uri - plen, uri + plen);
 		https->http_host_header = safe_strdup(hosthdr);
 	} else {
 		slash = uri;
How-To-Repeat: 
ben@strontium:~/tmp$ ktrace fetch -o /dev/null ftp://ftp.freebsd.org/ 
...
ben@strontium:~/tmp$ kdump | grep Host:
        Host: tp.freebsd.org\r
Comment 1 Dag-Erling Smørgrav freebsd_committer freebsd_triage 2000-06-29 11:38:18 UTC 
Responsible Changed
From-To: freebsd-bugs->des

fetch(1) is mine.
Comment 2 Dag-Erling Smørgrav freebsd_committer freebsd_triage 2000-07-19 10:25:10 UTC 
State Changed
From-To: open->closed
Comment 3 Dag-Erling Smørgrav freebsd_committer freebsd_triage 2000-07-19 10:25:50 UTC 
State Changed
From-To: closed->open

Closed by mistake.
Comment 4 Dag-Erling Smørgrav freebsd_committer freebsd_triage 2000-08-31 15:55:14 UTC 
State Changed
From-To: open->closed

Fixed in 4.x and 5.x.