From: Cyril Bonté
Date: Tue, 29 May 2012 21:27:41 +0000 (+0200)
Subject: BUG/MEDIUM: option forwardfor if-none doesn't work with some configurations
X-Git-Tag: v1.5-dev12~165
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=a32d275ab0bd078b94d34d67a6a297e4968eff43;p=thirdparty%2Fhaproxy.git

BUG/MEDIUM: option forwardfor if-none doesn't work with some configurations

When "option forwardfor" is enabled in a frontend that uses backends,
"if-none" ignores the header name provided in the frontend.
This prevents haproxy from adding the X-Forwarded-For header if the option is not
used in the backend.

This may introduce security issues for servers/applications that rely on the
header provided by haproxy.

A minimal configuration which can reproduce the bug:
    defaults
      mode http

    listen OK
      bind :9000
      option forwardfor if-none
      server s1 127.0.0.1:80

    listen BUG-frontend
      bind :9001
      option forwardfor if-none
      default_backend BUG-backend

    backend BUG-backend
      server s1 127.0.0.1:80
---
diff --git a/src/proto_http.c b/src/proto_http.c index 7cf413d77c..b41b70a5b4 100644 --- a/src/proto_http.c +++ b/src/proto_http.c @@ -3249,9 +3249,10 @@ int http_process_request(struct session *s, struct buffer *req, int an_bit) */ if ((s->fe->options | s->be->options) & PR_O_FWDFOR) { struct hdr_ctx ctx = { .idx = 0 }; - if (!((s->fe->options | s->be->options) & PR_O_FF_ALWAYS) && - http_find_header2(s->be->fwdfor_hdr_name, s->be->fwdfor_hdr_len, req->p, &txn->hdr_idx, &ctx)) { + http_find_header2(s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_name : s->fe->fwdfor_hdr_name, + s->be->fwdfor_hdr_len ? s->be->fwdfor_hdr_len : s->fe->fwdfor_hdr_len, + req->p, &txn->hdr_idx, &ctx)) { /* The header is set to be added only if none is present * and we found it, so don't do anything. */
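
Review bot: the selection `s->be->fwdfor_hdr_len ? ... : ...` is written twice in the new `http_find_header2()` call, once for the name and once for the length; resolving it once into a local name/length pair above the `if` would keep the two arguments from drifting apart in a later edit. The backend's name wins whenever the backend sets one, so in that case a request carrying only the frontend's header name is still treated as having none. The code that appends the header is outside this hunk, so please confirm it picks the name with the same backend-over-frontend precedence, otherwise the if-none lookup and the appended header can refer to different names, which matters for servers that trust the header as the commit message notes. A one-line comment stating that precedence would also help, since the existing comment only explains the "found it" case.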