diff --git a/mongoose.c b/mongoose.c
index e27ba374744e0426477390a869328f6d31160d75..7d6e0ed53ba4b98f33649f670e29fad09c3159af 100644
--- a/mongoose.c
+++ b/mongoose.c
@@ -874,6 +874,7 @@ static const char *next_option(const char *list, struct vec *val,
return list;
}
+// Perform case-insensitive match of string against pattern
static int match_prefix(const char *pattern, int pattern_len, const char *str) {
const char *or_str;
int i, j, len, res;
@@ -906,7 +907,7 @@ static int match_prefix(const char *pattern, int pattern_len, const char *str) {
res = match_prefix(pattern + i, pattern_len - i, str + j + len);
} while (res == -1 && len-- > 0);
return res == -1 ? -1 : j + res + len;
- } else if (pattern[i] != str[j]) {
+ } else if (lowercase(&pattern[i]) != lowercase(&str[j])) {
return -1;
}
}
diff --git a/test/test.pl b/test/test.pl
index 13370a94730aca1deda41f5b9e4b35c012519d8d..5e76570f142131f9ddc7edc32f24ff7cb5958770 100644
--- a/test/test.pl
+++ b/test/test.pl
@@ -171,7 +171,7 @@ my $cmd = "$mongoose_exe ".
'-put_delete_auth_file test/passfile ' .
'-access_control_list -0.0.0.0/0,+127.0.0.1 ' .
"-document_root $root ".
- "-hide_files_patterns **exploit.pl ".
+ "-hide_files_patterns **exploit.PL ".
"-enable_keep_alive yes ".
"-url_rewrite_patterns /aiased=/etc/,/ta=$test_dir";
$cmd .= ' -cgi_interpreter perl' if on_windows();
diff --git a/test/unit_test.c b/test/unit_test.c
index 1ffd0debda1a0b57c959200ebf52b7408135ebe9..40b8efa01357e51e7bebd8261b3f3ff4be93c70b 100644
--- a/test/unit_test.c
+++ b/test/unit_test.c
@@ -154,7 +154,8 @@ static void test_match_prefix(void) {
ASSERT(match_prefix("*", 1, "/hello/") == 0);
ASSERT(match_prefix("**.a$|**.b$", 11, "/a/b.b/") == -1);
ASSERT(match_prefix("**.a$|**.b$", 11, "/a/b.b") == 6);
- ASSERT(match_prefix("**.a$|**.b$", 11, "/a/b.a") == 6);
+ ASSERT(match_prefix("**.a$|**.b$", 11, "/a/B.A") == 6);
+ ASSERT(match_prefix("**o$", 4, "HELLO") == 5);
}
static void test_remove_double_dots() {