diff options
author | stbuehler <stbuehler@152afb58-edef-0310-8abb-c4023f1b3aa9> | 2012-04-08 08:02:51 +0000 |
---|---|---|
committer | stbuehler <stbuehler@152afb58-edef-0310-8abb-c4023f1b3aa9> | 2012-04-08 08:02:51 +0000 |
commit | de28131afdaf869a6363410c1f2e0cc30a82742b (patch) | |
tree | ea5e8bcdbfcd8fc1b5c2d9c436b08e8e91813081 | |
parent | d040b7dc5cfd836bf83aeb04a1dfc2f59902dacc (diff) | |
download | lighttpd-de28131afdaf869a6363410c1f2e0cc30a82742b.tar.gz |
buffer_caseless_compare: always convert letters to lowercase to get transitive results, fixing array lookups (fixes #2405)
git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@2829 152afb58-edef-0310-8abb-c4023f1b3aa9
-rw-r--r-- | NEWS | 1 | ||||
-rw-r--r-- | src/buffer.c | 11 |
2 files changed, 6 insertions, 6 deletions
@@ -171,6 +171,7 @@ NEWS * [ssl/md5] prefix our own md5 implementation with li_ so it doesn't conflict with the openssl one (fixes #2269) * Enable linux-aio-sendfile for testing in autotools too * [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362) + * buffer_caseless_compare: always convert letters to lowercase to get transitive results, fixing array lookups (fixes #2405) - 1.5.0-r19.. - * -F option added for spawn-fcgi diff --git a/src/buffer.c b/src/buffer.c index aba52e02..7354bda5 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -637,15 +637,14 @@ int buffer_caseless_compare(const char *a, size_t a_len, const char *b, size_t b max_ndx = ((a_len < b_len) ? a_len : b_len); for (; ndx < max_ndx; ndx++) { - char a1 = *a++, b1 = *b++; + int a1 = *a++, b1 = *b++; if (a1 != b1) { - if ((a1 >= 'A' && a1 <= 'Z') && (b1 >= 'a' && b1 <= 'z')) - a1 |= 32; - else if ((a1 >= 'a' && a1 <= 'z') && (b1 >= 'A' && b1 <= 'Z')) - b1 |= 32; - if ((a1 - b1) != 0) return (a1 - b1); + /* always lowercase for transitive results */ + if (a1 >= 'A' && a1 <= 'Z') a1 |= 32; + if (b1 >= 'A' && b1 <= 'Z') b1 |= 32; + if ((a1 - b1) != 0) return (a1 - b1); } } |