upstream/haproxy
1
0
Fork 0
mirror of https://github.com/haproxy/haproxy.git synced 2026-05-28 04:12:17 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions 3

BUG/MINOR: http-ext: always check remaining data when reading rfc7239 nodeport

Browse source 
http_7239_extract_nodeport() reads the first byte of the passed string
but the caller doesn't check that it's not empty, which can happen if
passed as 'host="127.0.0.1:"'. In that case the function would read and
return garbage that is present in the buffer after the colon. Let's just
check the remaining length before reading.

This can be backported to 2.8 as it was introduced with commit b2bb9257d2
("MINOR: proxy/http_ext: introduce proxy forwarded option").
This commit is contained in:
Willy Tarreau 2026-05-26 08:47:11 +02:00
parent 8878635468
commit 6eefa71ac0
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
src/http_ext.c
View file

@ -356,7 +356,7 @@ static inline int http_7239_extract_node(struct ist *input, struct forwarded_hea
if (!quoted)
return 0; /* not supported */
*input = istnext(*input);
if (!http_7239_extract_nodeport(input, nodeport))
if (!istlen(*input) || !http_7239_extract_nodeport(input, nodeport))
return 0; /* invalid nodeport */
out:
/* ok */