From c9db48cec8efd56f8291443d08e7d12b8af9a1af Mon Sep 17 00:00:00 2001
From: Deon George <deon@leenooks.net>
Date: Mon, 12 Oct 2020 23:25:49 +1100
Subject: [PATCH] Fix requests to the webserver using IPv6 address
 http://[1234:1234::] requests. The host portion contains ":" after
 split_port_part(), resulting in a 400 error. Renaming is_legal_hostname() to
 is_legal_host(), since requests to webservers are to "hosts" not "hostnames".

---
 src/sbbs3/websrvr.c | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)

diff --git a/src/sbbs3/websrvr.c b/src/sbbs3/websrvr.c
index e88d3741aa..92e99c3f2b 100644
--- a/src/sbbs3/websrvr.c
+++ b/src/sbbs3/websrvr.c
@@ -3162,7 +3162,7 @@ static BOOL get_fullpath(http_session_t * session)
 	return(isabspath(session->req.physical_path));
 }
 
-static BOOL is_legal_hostname(const char *host, BOOL strip_port)
+static BOOL is_legal_host(const char *host, BOOL strip_port)
 {
 	char * stripped = NULL;
 
@@ -3175,7 +3175,7 @@ static BOOL is_legal_hostname(const char *host, BOOL strip_port)
 		FREE_AND_NULL(stripped);
 		return FALSE;
 	}
-	if (strspn(host, "abcdefghijklmnopqrstuvwxyz0123456789-.") != strlen(host)) {
+	if (strspn(host, ":abcdefghijklmnopqrstuvwxyz0123456789-.") != strlen(host)) {
 		FREE_AND_NULL(stripped);
 		return FALSE;
 	}
@@ -3225,11 +3225,11 @@ static BOOL get_req(http_session_t * session, char *request_line)
 			if(!is_redir) {
 				get_request_headers(session);
 			}
-			if (!is_legal_hostname(session->req.host, TRUE)) {
+			if (!is_legal_host(session->req.host, TRUE)) {
 				send_error(session,__LINE__,"400 Bad Request");
 				return FALSE;
 			}
-			if (!is_legal_hostname(session->req.vhost, FALSE)) {
+			if (!is_legal_host(session->req.vhost, FALSE)) {
 				send_error(session,__LINE__,"400 Bad Request");
 				return FALSE;
 			}
@@ -6216,7 +6216,7 @@ int read_post_data(http_session_t * session)
 			/* Read more headers! */
 			if(!get_request_headers(session))
 				return(FALSE);
-			if (!is_legal_hostname(session->req.vhost, FALSE)) {
+			if (!is_legal_host(session->req.vhost, FALSE)) {
 				send_error(session,__LINE__,"400 Bad Request");
 				return FALSE;
 			}
-- 
GitLab