mirror of
http://git.haproxy.org/git/haproxy.git/
synced 2024-12-23 21:22:17 +00:00
BUG/MEDIUM: contrib/modsecurity: If host header is NULL, don't try to strdup it
I discovered this bug when running OWASP regression tests against HAProxy + modsecurity-spoa (it's a POC to evaluate how it is working). I found out that modsecurity spoa will crash when the request doesn't have any Host header. See the pull request #86 on github for details. This patch must be backported to 1.9 and 1.8.
This commit is contained in:
parent
494ddbff47
commit
bf60f6b803
@ -325,7 +325,11 @@ int modsecurity_process(struct worker *worker, struct modsecurity_parameters *pa
|
||||
req->content_type = apr_table_get(req->headers_in, "Content-Type");
|
||||
req->content_encoding = apr_table_get(req->headers_in, "Content-Encoding");
|
||||
req->hostname = apr_table_get(req->headers_in, "Host");
|
||||
req->parsed_uri.hostname = chunk_strdup(req, req->hostname, strlen(req->hostname));
|
||||
if (req->hostname != NULL) {
|
||||
req->parsed_uri.hostname = chunk_strdup(req, req->hostname, strlen(req->hostname));
|
||||
} else {
|
||||
req->parsed_uri.hostname = NULL;
|
||||
}
|
||||
|
||||
lang = apr_table_get(req->headers_in, "Content-Languages");
|
||||
if (lang != NULL) {
|
||||
|
Loading…
Reference in New Issue
Block a user