[hackers] [quark] Fix the style a bit and prevent out-of-bounds index access for vhost[] || Laslo Hunhold

From: <git_AT_suckless.org>
Date: Tue, 11 Jul 2017 15:03:02 +0200 (CEST)

commit d7f5c6029e4dab604bd8fc82f747544ac4e4dc67
Author: Laslo Hunhold <dev_AT_frign.de>
AuthorDate: Tue Jul 11 15:02:24 2017 +0200
Commit: Laslo Hunhold <dev_AT_frign.de>
CommitDate: Tue Jul 11 15:02:24 2017 +0200

    Fix the style a bit and prevent out-of-bounds index access for vhost[]

diff --git a/quark.c b/quark.c
index 5b597e0..755b94d 100644
--- a/quark.c
+++ b/quark.c
_AT_@ -566,10 +566,9 @@ sendresponse(int fd, struct request *r)
         /* match vhost */
         if (vhosts) {
                 for (i = 0; i < LEN(vhost); i++) {
+ /* switch to vhost directory if there is a match */
                         if (!regexec(&vhost[i].re, r->field[REQ_HOST], 0,
- NULL, 0) &&
- /* switch to vhost directory */
- chdir(vhost[i].dir) < 0) {
+ NULL, 0) && chdir(vhost[i].dir) < 0) {
                                 return sendstatus(fd, (errno == EACCES) ?
                                                   S_FORBIDDEN : S_NOT_FOUND);
                         }
_AT_@ -606,7 +605,7 @@ sendresponse(int fd, struct request *r)
 
         /* redirect if targets differ or host is non-canonical */
         if (strcmp(r->target, realtarget) || (vhosts && r->field[REQ_HOST][0] &&
- strcmp(r->field[REQ_HOST], vhost[i].name))) {
+ i < LEN(vhost) && strcmp(r->field[REQ_HOST], vhost[i].name))) {
                 /* do we need to add a port to the Location? */
                 hasport = strcmp(port, "80");
 
Received on Tue Jul 11 2017 - 15:03:02 CEST