From: Willy Tarreau <w@1wt.eu>
Date: Mon, 30 Aug 2010 09:06:34 +0000 (+0200)
Subject: [BUG] http: don't consider commas as a header delimitor within quotes
X-Git-Tag: v1.5-dev8~478
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=0f7f51fbe0da5b6bd38d6a392280af4a5ff80fa0;p=thirdparty%2Fhaproxy.git

[BUG] http: don't consider commas as a header delimitor within quotes

The header parser has a bug which causes commas to be matched within
quotes while it was not expected. The way the code was written could
make one think it was OK. The resulting effect is that the following
config would use the second IP address instead of the third when facing
this request :

   source 0.0.0.0 usesrc hdr_ip(X-Forwarded-For,2)

   GET / HTTP/1.0
   X-Forwarded-for: "127.0.0.1, 127.0.0.2", 127.0.0.3

This fix must be backported to 1.4 and 1.3.
---

diff --git a/src/proto_http.c b/src/proto_http.c
index 865eaa4945..f8b46f661a 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -475,8 +475,10 @@ char *find_hdr_value_end(char *s, const char *e)
 	quoted = qdpair = 0;
 	for (; s < e; s++) {
 		if (qdpair)                    qdpair = 0;
-		else if (quoted && *s == '\\') qdpair = 1;
-		else if (quoted && *s == '"')  quoted = 0;
+		else if (quoted) {
+			if (*s == '\\')        qdpair = 1;
+			else if (*s == '"')    quoted = 0;
+		}
 		else if (*s == '"')            quoted = 1;
 		else if (*s == ',')            return s;
 	}