mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-14 23:44:41 +00:00
BUG/MAJOR: lua segmentation fault when the request is like 'GET ?arg=val HTTP/1.1'
Error in the HTTP parser. The function http_get_path() can return NULL and this case is not catched in the code. So, we try to dereference NULL pointer, and a segfault occurs. These two lines are useful to prevent the bug. acl prevent_bug path_beg / http-request deny if !prevent_bug This bug fix should be backported in 1.6 and 1.7
This commit is contained in:
parent
e3cc3a3026
commit
7d38863552
30
src/hlua.c
30
src/hlua.c
@ -3642,22 +3642,24 @@ static int hlua_applet_http_new(lua_State *L, struct appctx *ctx)
|
||||
|
||||
/* Get path and qs */
|
||||
path = http_get_path(txn);
|
||||
end = txn->req.chn->buf->p + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
|
||||
p = path;
|
||||
while (p < end && *p != '?')
|
||||
p++;
|
||||
if (path) {
|
||||
end = txn->req.chn->buf->p + txn->req.sl.rq.u + txn->req.sl.rq.u_l;
|
||||
p = path;
|
||||
while (p < end && *p != '?')
|
||||
p++;
|
||||
|
||||
/* Stores the request path. */
|
||||
lua_pushstring(L, "path");
|
||||
lua_pushlstring(L, path, p - path);
|
||||
lua_settable(L, -3);
|
||||
/* Stores the request path. */
|
||||
lua_pushstring(L, "path");
|
||||
lua_pushlstring(L, path, p - path);
|
||||
lua_settable(L, -3);
|
||||
|
||||
/* Stores the query string. */
|
||||
lua_pushstring(L, "qs");
|
||||
if (*p == '?')
|
||||
p++;
|
||||
lua_pushlstring(L, p, end - p);
|
||||
lua_settable(L, -3);
|
||||
/* Stores the query string. */
|
||||
lua_pushstring(L, "qs");
|
||||
if (*p == '?')
|
||||
p++;
|
||||
lua_pushlstring(L, p, end - p);
|
||||
lua_settable(L, -3);
|
||||
}
|
||||
|
||||
/* Stores the request path. */
|
||||
lua_pushstring(L, "length");
|
||||
|
Loading…
Reference in New Issue
Block a user