Fri Nov 19 09:27:52 CET 1999 Modified Files in squid/src http.c A malicious user could pollute Squid's cache with incorrect objects for name-based virtual servers where they have control of one of the servers sharing the IP and access to use Squid. Index: squid/src/http.c diff -u squid/src/http.c:1.1.1.38.2.5 squid/src/http.c:1.1.1.38.2.6 --- squid/src/http.c:1.1.1.38.2.5 Sun Oct 24 21:42:35 1999 +++ squid/src/http.c Fri Nov 19 09:27:51 1999 @@ -684,8 +684,10 @@ request->flags.auth = 0; /* We have used the authentication */ break; case HDR_HOST: - /* Don't use client's Host: header for redirected requests */ - if (!request->flags.redirected || !Config.onoff.redir_rewrites_host) + /* Don't trust the client's Host: header unless the request is + * redirected and redir_rewrites_host is off + */ + if (request->flags.redirected && !Config.onoff.redir_rewrites_host) httpHeaderAddEntry(hdr_out, httpHeaderEntryClone(e)); break; case HDR_IF_MODIFIED_SINCE:
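Review bot: In the HDR_HOST case, the one path that still calls httpHeaderAddEntry(hdr_out, httpHeaderEntryClone(e)) (request redirected, redir_rewrites_host off) copies the client's Host: value upstream without comparing it to anything, so the forwarded Host can still differ from the host in the URL the reply is stored under. That is the same mismatch the commit message describes. Either check the header against the host of the client's original request URL before cloning it, or extend the new comment to say why the value can be trusted on this path. The comment should also say where the outgoing Host: header comes from when the client's copy is dropped, because nothing in these lines adds one, and a request forwarded with no Host: header would break name-based virtual servers outright.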