From: Willy Tarreau <w@1wt.eu>
Date: Wed, 31 Mar 2021 09:41:36 +0000 (+0200)
Subject: BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields
X-Git-Tag: v2.4-dev15~63
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=645dc08533531416b91ca74ff5aa03154dc0ee50;p=thirdparty%2Fhaproxy.git

BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields

The fix in commit 7b0e00d94 ("BUG/MINOR: http_fetch: make hdr_ip() reject
trailing characters") made hdr_ip() more sensitive to empty fields, for
example if a trusted proxy incorrectly sends the header with an empty
value, we could return 0.0.0.0 which is not correct. Let's make sure we
only assign an IPv4 type here when a non-empty address was found.

This should be backported to all branches where the fix above was
backported.
---

diff --git a/src/http_fetch.c b/src/http_fetch.c
index a4169452f9..6c569a75bb 100644
--- a/src/http_fetch.c
+++ b/src/http_fetch.c
@@ -1004,7 +1004,7 @@ static int smp_fetch_hdr_ip(const struct arg *args, struct sample *smp, const ch
 			       smp->data.u.str.data);
 			temp->area[smp->data.u.str.data] = '\0';
 			len = url2ipv4((char *) temp->area, &smp->data.u.ipv4);
-			if (len == smp->data.u.str.data) {
+			if (len > 0 && len == smp->data.u.str.data) {
 				/* plain IPv4 address */
 				smp->data.type = SMP_T_IPV4;
 				break;