BUG/MEDIUM: proto_htx: Fix functions applying regex filters on HTX messages

The HTX functions htx_apply_filter_to_req_headers() and
htx_apply_filter_to_resp_headers() contain 2 bugs. The first one is about the
matching on each header. The chunk 'hdr' used to format a full header line was
never reset. The second bug appears when we try to replace or remove a
header. The variable ctx was not fully initialized, leading to sefaults.

This patch must be backported to 1.9.

diff --git a/src/proto_htx.c b/src/proto_htx.c
index d1bdac2b9a698839e6c510982c5da7c3e329f871..2f100886f05ee9e2470252ca63bf7a5edd7573c6 100644 (file)
--- a/src/proto_htx.c
+++ b/src/proto_htx.c
@@ -3502,7 +3502,7 @@ static int htx_apply_filter_to_req_headers(struct stream *s, struct channel *req
                n = htx_get_blk_name(htx, blk);
                v = htx_get_blk_value(htx, blk);
 
-               chunk_memcat(hdr, n.ptr, n.len);
+               chunk_memcpy(hdr, n.ptr, n.len);
                hdr->area[hdr->data++] = ':';
                hdr->area[hdr->data++] = ' ';
                chunk_memcat(hdr, v.ptr, v.len);
@@ -3534,6 +3534,7 @@ static int htx_apply_filter_to_req_headers(struct stream *s, struct channel *req
                                        http_parse_header(ist2(trash.area, len), &n, &v);
                                        ctx.blk = blk;
                                        ctx.value = v;
+                                       ctx.lws_before = ctx.lws_after = 0;
                                        if (!http_replace_header(htx, &ctx, n, v))
                                                return -1;
                                        if (!ctx.blk)
@@ -3544,6 +3545,7 @@ static int htx_apply_filter_to_req_headers(struct stream *s, struct channel *req
                                case ACT_REMOVE:
                                        ctx.blk = blk;
                                        ctx.value = v;
+                                       ctx.lws_before = ctx.lws_after = 0;
                                        if (!http_remove_header(htx, &ctx))
                                                return -1;
                                        if (!ctx.blk)
@@ -3717,7 +3719,7 @@ static int htx_apply_filter_to_resp_headers(struct stream *s, struct channel *re
                n = htx_get_blk_name(htx, blk);
                v = htx_get_blk_value(htx, blk);
 
-               chunk_memcat(hdr, n.ptr, n.len);
+               chunk_memcpy(hdr, n.ptr, n.len);
                hdr->area[hdr->data++] = ':';
                hdr->area[hdr->data++] = ' ';
                chunk_memcat(hdr, v.ptr, v.len);
@@ -3747,6 +3749,7 @@ static int htx_apply_filter_to_resp_headers(struct stream *s, struct channel *re
                                        http_parse_header(ist2(trash.area, len), &n, &v);
                                        ctx.blk = blk;
                                        ctx.value = v;
+                                       ctx.lws_before = ctx.lws_after = 0;
                                        if (!http_replace_header(htx, &ctx, n, v))
                                                return -1;
                                        if (!ctx.blk)
@@ -3757,6 +3760,7 @@ static int htx_apply_filter_to_resp_headers(struct stream *s, struct channel *re
                                case ACT_REMOVE:
                                        ctx.blk = blk;
                                        ctx.value = v;
+                                       ctx.lws_before = ctx.lws_after = 0;
                                        if (!http_remove_header(htx, &ctx))
                                                return -1;
                                        if (!ctx.blk)