From: Christopher Faulet <cfaulet@haproxy.com>
Date: Fri, 13 Apr 2018 13:53:12 +0000 (+0200)
Subject: BUG/MINOR: http: Return an error in proxy mode when url2sa fails
X-Git-Tag: v1.9-dev1~306
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=11ebb2080eb0394f0a1c2fc70f44da2b0107bb56;p=thirdparty%2Fhaproxy.git

BUG/MINOR: http: Return an error in proxy mode when url2sa fails

In proxy mode, the result of url2sa is never checked. So when the function fails
to resolve the destination server from the URL, we continue. Depending on the
internal state of the connection, we get different behaviours. With a newly
allocated connection, the field <addr.to> is not set. So we will get a HTTP
error. The status code is 503 instead of 400, but it's not really critical. But,
if it's a recycled connection, we will reuse the previous value of <addr.to>,
opening a connection on an unexpected server.

To fix the bug, we return an error when url2sa fails.

This patch should be backported in all version from 1.5.
---

diff --git a/src/proto_http.c b/src/proto_http.c
index 80e001d694..8370889b41 100644
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -3720,9 +3720,11 @@ int http_process_request(struct stream *s, struct channel *req, int an_bit)
 		}
 
 		path = http_get_path(txn);
-		url2sa(req->buf->p + msg->sl.rq.u,
-		       path ? path - (req->buf->p + msg->sl.rq.u) : msg->sl.rq.u_l,
-		       &conn->addr.to, NULL);
+		if (url2sa(req->buf->p + msg->sl.rq.u,
+			   path ? path - (req->buf->p + msg->sl.rq.u) : msg->sl.rq.u_l,
+			   &conn->addr.to, NULL) == -1)
+			goto return_bad_req;
+
 		/* if the path was found, we have to remove everything between
 		 * req->buf->p + msg->sl.rq.u and path (excluded). If it was not
 		 * found, we need to replace from req->buf->p + msg->sl.rq.u for