]> git.ipfire.org Git - thirdparty/haproxy.git/commit
projects / thirdparty / haproxy.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 494ddbf) | patch
BUG/MEDIUM: contrib/modsecurity: If host header is NULL, don't try to strdup it
authorYann Cézard <ycezard@viareport.com>
Thu, 25 Apr 2019 12:30:23 +0000 (14:30 +0200)
committerChristopher Faulet <cfaulet@haproxy.com>
Mon, 29 Apr 2019 14:26:05 +0000 (16:26 +0200)
commitbf60f6b8033deddc86de5357d6099c7593fe44cc
tree07cef095a522975518cca4404e6f7c5799942e03tree
parent494ddbff478d880e48de490f2689607addac70bccommit | diff
BUG/MEDIUM: contrib/modsecurity: If host header is NULL, don't try to strdup it

I discovered this bug when running OWASP regression tests against HAProxy +
modsecurity-spoa (it's a POC to evaluate how it is working).  I found out that
modsecurity spoa will crash when the request doesn't have any Host header.

See the pull request #86 on github for details.

This patch must be backported to 1.9 and 1.8.
contrib/modsecurity/modsec_wrapper.c diff | blob | blame | history
Mirror of https://github.com/haproxy/haproxy.git