> The 'elog' utility for commandline submission used wrong 'Host:' in POST header.
> The host listed after 'Host:' should be the host where the server runs, not the
> localhost (see patch below).
>
> $ diff -u elog.c_20050711 elog.c
> --- elog.c_20050711 Mon Jul 11 18:54:20 2005
> +++ elog.c Mon Jul 11 18:55:31 2005
> @@ -421,7 +421,7 @@
> sprintf(request + strlen(request), "%s/%d?cmd=download", experiment, message_id);
> strcat(request, " HTTP/1.0\r\n");
>
> - sprintf(request + strlen(request), "Host: %s\r\n", host_name);
> + sprintf(request + strlen(request), "Host: %s\r\n", host);
> sprintf(request + strlen(request), "User-Agent: ELOG\r\n");
>
> first = 1;
> @@ -872,7 +872,7 @@
> strcat(request, " HTTP/1.0\r\n");
>
> sprintf(request + strlen(request), "Content-Type: multipart/form-data; boundary=%s\r\n", boundary);
> - sprintf(request + strlen(request), "Host: %s\r\n", host_name);
> + sprintf(request + strlen(request), "Host: %s\r\n", host);
> sprintf(request + strlen(request), "User-Agent: ELOG\r\n");
> sprintf(request + strlen(request), "Content-Length: %d\r\n", content_length);
This is not completally true IMHO .. better, it is, but it is not the only problem.
Elog seems to speak HTML/1.0, where "host:" is not implemented ... Since ELOG does not support Vhosts I think the right beaviour is to remove the "Host:" header at all ...
On the other hand it should replay with an error when a bogus client tries to speak HTML/1.0 specifing "host:",
and (the wrost case) when the bogus client says to speak HTML/1.1 and doesnt provide the required "Host:" header ...
Yes .. elog will ignore it, but it is an RFC requirement for HTML/1.1 ! |