Re: [hackers] [quark][PATCH 3/3] do not compare the port for triggering redirection

From: Laslo Hunhold <>
Date: Mon, 2 Apr 2018 10:05:10 +0200

On Mon, 2 Apr 2018 02:55:01 +0200
Josuah Demangeon <> wrote:

Dear Josuah,

> An HTTP request may contain the port number:
> $ nc -l 8080
> GET / HTTP/1.1
> Host: localhost:8080
> User-Agent: curl/7.55.1
> Accept: */*
> It provoked the canonical host to mismatch while comparing it with
> the actual host:
> r->field[REQ_HOST]: localhost:8080
> vhostmatch: localhost
> This commit attempts to fix it by replacing the first ':' by '\0'.

thanks for alerting me to this, I honestly forgot about it.

> Hopefully this will not clash with IPv6 addresses syntax.

I fear though that we'll have to be a bit more careful to avoid
problems with IPv6-hosts. Namely, if an IPv6-host with port is
specified, the ip-address will be wrapped in square-brackets.

I put this on the todo as I unfortunately don't have the time to write a
patch at the moment, but if you like, you might want to think about
changing the patch off a bit to also respect this square bracket case
(Something along the lines of a strrchr for both [ and : in some way).

With best regards

Laslo Hunhold

Laslo Hunhold <>
Received on Mon Apr 02 2018 - 10:05:10 CEST

This archive was generated by hypermail 2.3.0 : Mon Apr 02 2018 - 10:12:23 CEST