buffer_caseless_compare: always convert letters to lowercase to get transitive results, fixing array lookups (fixes #2405)

git-svn-id: svn://svn.lighttpd.net/lighttpd/trunk@2829 152afb58-edef-0310-8abb-c4023f1b3aa9

2 files changed, 6 insertions, 6 deletions

diff --git a/NEWS b/NEWS
index 421280be..a944cb86 100644
--- a/NEWS
+++ b/NEWS
@@ -171,6 +171,7 @@ NEWS
   * [ssl/md5] prefix our own md5 implementation with li_ so it doesn't conflict with the openssl one (fixes #2269)
   * Enable linux-aio-sendfile for testing in autotools too
   * [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362)
+  * buffer_caseless_compare: always convert letters to lowercase to get transitive results, fixing array lookups (fixes #2405)
 
 - 1.5.0-r19.. -
   * -F option added for spawn-fcgi
diff --git a/src/buffer.c b/src/buffer.c
index aba52e02..7354bda5 100644
--- a/src/buffer.c
+++ b/src/buffer.c
@@ -637,15 +637,14 @@ int buffer_caseless_compare(const char *a, size_t a_len, const char *b, size_t b
 	max_ndx = ((a_len < b_len) ? a_len : b_len);
 
 	for (; ndx < max_ndx; ndx++) {
-		char a1 = *a++, b1 = *b++;
+		int a1 = *a++, b1 = *b++;
 
 		if (a1 != b1) {
-			if ((a1 >= 'A' && a1 <= 'Z') && (b1 >= 'a' && b1 <= 'z'))
-				a1 |= 32;
-			else if ((a1 >= 'a' && a1 <= 'z') && (b1 >= 'A' && b1 <= 'Z'))
-				b1 |= 32;
-			if ((a1 - b1) != 0) return (a1 - b1);
+			/* always lowercase for transitive results */
+			if (a1 >= 'A' && a1 <= 'Z') a1 |= 32;
+			if (b1 >= 'A' && b1 <= 'Z') b1 |= 32;
 
+			if ((a1 - b1) != 0) return (a1 - b1);
 		}
 	}