BUG/MINOR: http: abort request processing on filter failure

Commit c600204 ("BUG/MEDIUM: regex: fix risk of buffer overrun in
exp_replace()") added a control of failure on the response headers,
but forgot to check for the error during request processing. So if
the filters fail to apply, we could keep the request. It might
cause some headers to silently fail to be added for example. Note
that it's tagged MINOR because a standard configuration cannot make
this case happen.

The fix should be backported to 1.5 and 1.4 though.

diff --git a/src/proto_http.c b/src/proto_http.c
index b8f552015440b7b4e79838b4da23ccf51ed1a7be..504a0a94d073fdd96d3f2fb7daf523b4e1494eef 100644 (file)
--- a/src/proto_http.c
+++ b/src/proto_http.c
@@ -7092,7 +7092,8 @@ int apply_filters_to_request(struct session *s, struct channel *req, struct prox
                        /* The filter did not match the request, it can be
                         * iterated through all headers.
                         */
-                       apply_filter_to_req_headers(s, req, exp);
+                       if (unlikely(apply_filter_to_req_headers(s, req, exp) < 0))
+                               return -1;
                }
        }
        return 0;