diff options
| -rw-r--r-- | NEWS | 1 | ||||
| -rw-r--r-- | src/buffer.c | 11 |
2 files changed, 6 insertions, 6 deletions
@@ -171,6 +171,7 @@ NEWS * [ssl/md5] prefix our own md5 implementation with li_ so it doesn't conflict with the openssl one (fixes #2269) * Enable linux-aio-sendfile for testing in autotools too * [mod_auth] Fix signedness error in http_auth (fixes #2370, CVE-2011-4362) + * buffer_caseless_compare: always convert letters to lowercase to get transitive results, fixing array lookups (fixes #2405) - 1.5.0-r19.. - * -F option added for spawn-fcgi diff --git a/src/buffer.c b/src/buffer.c index aba52e02..7354bda5 100644 --- a/src/buffer.c +++ b/src/buffer.c @@ -637,15 +637,14 @@ int buffer_caseless_compare(const char *a, size_t a_len, const char *b, size_t b max_ndx = ((a_len < b_len) ? a_len : b_len); for (; ndx < max_ndx; ndx++) { - char a1 = *a++, b1 = *b++; + int a1 = *a++, b1 = *b++; if (a1 != b1) { - if ((a1 >= 'A' && a1 <= 'Z') && (b1 >= 'a' && b1 <= 'z')) - a1 |= 32; - else if ((a1 >= 'a' && a1 <= 'z') && (b1 >= 'A' && b1 <= 'Z')) - b1 |= 32; - if ((a1 - b1) != 0) return (a1 - b1); + /* always lowercase for transitive results */ + if (a1 >= 'A' && a1 <= 'Z') a1 |= 32; + if (b1 >= 'A' && b1 <= 'Z') b1 |= 32; + if ((a1 - b1) != 0) return (a1 - b1); } } |