From: Christopher Faulet Date: Fri, 8 Apr 2022 08:44:21 +0000 (+0200) Subject: BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid X-Git-Tag: v2.6-dev5~27 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=114e759d5d5e9d93e0c5993f49e3de3ec5dcbf3b;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid For replace-path, replace-pathq and replace-uri actions, we must take care to not match on the selected element if it is not defined. regex_exec_match2() function expects to be called with a defined subject. However, if the request path is invalid or not found, the function is called with a NULL subject, leading to a crash when compiled without the PRCE/PCRE2 support. For instance the following rules crashes HAProxy on a CONNECT request: http-request replace-path /short/(.) /\1 This patch must be backported as far as 2.0. --- diff --git a/src/http_act.c b/src/http_act.c index 133a30c6aa..eebc1884f6 100644 --- a/src/http_act.c +++ b/src/http_act.c @@ -538,6 +538,9 @@ static enum act_return http_action_replace_uri(struct act_rule *rule, struct pro uri = http_parse_path(&parser); } + if (!istlen(uri)) + goto leave; + if (!regex_exec_match2(rule->arg.http.re, uri.ptr, uri.len, MAX_MATCH, pmatch, 0)) goto leave;