From 455bebc2c76223a1be26042f6d2393715c0df0cd Mon Sep 17 00:00:00 2001
From: Stefan Eissing <stefan@eissing.org>
Date: Wed, 6 May 2026 09:24:50 +0200
Subject: [PATCH] peer: fix compare of hostname for uds

Unix domain socket paths need to be compared case-senstive, in contrast
to DNS hostnames.

Follow-up to bc40e09f63889a8bc14fa8f7221921

Pointed out by Codex Security

Closes #21511
---
 lib/peer.c | 17 +++++++++++++----
 1 file changed, 13 insertions(+), 4 deletions(-)

diff --git a/lib/peer.c b/lib/peer.c
index 52b40a5da7..49669e4e0e 100644
--- a/lib/peer.c
+++ b/lib/peer.c
@@ -318,15 +318,24 @@ bool Curl_peer_equal(struct Curl_peer *p1, struct Curl_peer *p2)
           Curl_peer_same_destination(p1, p2));
 }
 
+static bool peer_same_hostname(struct Curl_peer *p1, struct Curl_peer *p2)
+{
+  /* UNIX domain socket paths must be compared case-sensitive,
+   * as many filesystem are like that. */
+  return (p1->unix_socket == p2->unix_socket) &&
+         (p1->abstract_uds == p2->abstract_uds) &&
+         (p1->ipv6 == p2->ipv6) &&
+         (p1->unix_socket ?
+          !strcmp(p1->hostname, p2->hostname) :
+          curl_strequal(p1->hostname, p2->hostname));
+}
+
 bool Curl_peer_same_destination(struct Curl_peer *p1, struct Curl_peer *p2)
 {
   return (p1 == p2) ||
          (p1 && p2 &&
           (p1->port == p2->port) &&
-          curl_strequal(p1->hostname, p2->hostname) &&
-          (p1->ipv6 == p2->ipv6) &&
-          (p1->unix_socket == p2->unix_socket) &&
-          (p1->abstract_uds == p2->abstract_uds) &&
+          peer_same_hostname(p1, p2) &&
           (p1->scopeid == p2->scopeid) &&
           (p1->scopeid || curl_strequal(p1->zoneid, p2->zoneid)));
 }