From b60fb8d5be9122c16b0fb416dc2500b87d541497 Mon Sep 17 00:00:00 2001
From: Amaury Denoyelle
Date: Thu, 8 Jul 2021 17:27:01 +0200
Subject: [PATCH] BUG/MEDIUM: http_ana: fix crash for http_proxy mode during uri rewrite
Fix the wrong usage of http_uri_parser which is defined with an uninitialized uri. This causes a crash which happens when forwarding a request to a backend configured in plain proxy ('option http_proxy'). This has been reported through a clang warning on the CI. This bug has been introduced by the refactoring of URI parser API. c453f9547e14c563f7bdf03d68979a5083c0372b MINOR: http: use http uri parser for path This does not need to be backported. WARNING: although this patch fix the crash, the 'option http_proxy' seems to be non buggy, possibly since quite a few stable versions. Indeed, the URI rewriting is not functional : the path is written on the beginning of the URI but the rest of the URI is not and this garbage is passed to the server which does not understand the request.
---
 src/http_ana.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)
diff --git a/src/http_ana.c b/src/http_ana.c
index 5eca74156..7049263ae 100644
--- a/src/http_ana.c
+++ b/src/http_ana.c
@@ -623,7 +623,7 @@ int http_process_request(struct stream *s, struct channel *req, int an_bit)
 if ((s->be->options & PR_O_HTTP_PROXY) && !(s->flags & SF_ADDR_SET)) {
 struct htx_sl *sl;
 struct ist uri, path;
- struct http_uri_parser parser = http_uri_parser_init(uri);
+ struct http_uri_parser parser;
 if (!sockaddr_alloc(&s->target_addr, NULL, 0)) {
 if (!(s->flags & SF_ERR_MASK))
@@ -632,6 +632,7 @@ int http_process_request(struct stream *s, struct channel *req, int an_bit)
 }
 sl = http_get_stline(htx);
 uri = htx_sl_req_uri(sl);
+ parser = http_uri_parser_init(uri);
 path = http_parse_path(&parser);
 if (url2sa(uri.ptr, uri.len - path.len, s->target_addr, NULL) == -1)
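Review bot: In the first hunk `struct http_uri_parser parser;` is left without an initializer beside `uri` and `path`, so only the statement order in the second hunk now keeps the parser from being built on an unset `uri` again. I would put a comment at the assignment, e.g. `/* uri must be read from the start line before the parser is initialised from it */`, so a later refactor does not hoist the call back into the declaration. The surrounding `if` block of http_process_request() begins and ends outside the hunk, so I cannot see whether `parser` is used on any other path.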
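Review bot: In the second hunk the value returned by `http_parse_path(&parser)` goes straight into `uri.len - path.len` for `url2sa()` with no visible check that a path was found. If the parser can return an empty `struct ist` for a URI without a path (its definition is not on this page), the whole URI is passed as the address part; that is presumably intended, but once confirmed it deserves a one-line comment such as `/* path.len is 0 when the URI carries no path */`. The diffstat shows only src/http_ana.c touched, so no test exercises a backend with `option http_proxy`; a regression test for that path would keep this uninitialised read from coming back. The enclosing block continues past the end of the hunk.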