[BUG] http: don't consider commas as a header delimitor within quotes

The header parser has a bug which causes commas to be matched within
quotes while it was not expected. The way the code was written could
make one think it was OK. The resulting effect is that the following
config would use the second IP address instead of the third when facing
this request :

   source 0.0.0.0 usesrc hdr_ip(X-Forwarded-For,2)

   GET / HTTP/1.0
   X-Forwarded-for: "127.0.0.1, 127.0.0.2", 127.0.0.3

This fix must be backported to 1.4 and 1.3.

diff --git a/src/proto_http.c b/src/proto_http.c
index 865eaa494544e5ea6cd61fe4df0a17b6d342b4f5..f8b46f661a9f7f9575108be0e4149fdec2295b07 100644 (file)
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -475,8 +475,10 @@ char *find_hdr_value_end(char *s, const char *e)
        quoted = qdpair = 0;
        for (; s < e; s++) {
                if (qdpair)                    qdpair = 0;
-               else if (quoted && *s == '\\') qdpair = 1;
-               else if (quoted && *s == '"')  quoted = 0;
+               else if (quoted) {
+                       if (*s == '\\')        qdpair = 1;
+                       else if (*s == '"')    quoted = 0;
+               }
                else if (*s == '"')            quoted = 1;
                else if (*s == ',')            return s;
        }