From: Yann Cézard Date: Thu, 25 Apr 2019 12:30:23 +0000 (+0200) Subject: BUG/MEDIUM: contrib/modsecurity: If host header is NULL, don't try to strdup it X-Git-Tag: v2.0-dev3~154 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=bf60f6b8033deddc86de5357d6099c7593fe44cc;p=thirdparty%2Fhaproxy.git BUG/MEDIUM: contrib/modsecurity: If host header is NULL, don't try to strdup it I discovered this bug when running OWASP regression tests against HAProxy + modsecurity-spoa (it's a POC to evaluate how it is working). I found out that modsecurity spoa will crash when the request doesn't have any Host header. See the pull request #86 on github for details. This patch must be backported to 1.9 and 1.8. --- diff --git a/contrib/modsecurity/modsec_wrapper.c b/contrib/modsecurity/modsec_wrapper.c index 1daaddbd54..370682bcf1 100644 --- a/contrib/modsecurity/modsec_wrapper.c +++ b/contrib/modsecurity/modsec_wrapper.c @@ -325,7 +325,11 @@ int modsecurity_process(struct worker *worker, struct modsecurity_parameters *pa req->content_type = apr_table_get(req->headers_in, "Content-Type"); req->content_encoding = apr_table_get(req->headers_in, "Content-Encoding"); req->hostname = apr_table_get(req->headers_in, "Host"); - req->parsed_uri.hostname = chunk_strdup(req, req->hostname, strlen(req->hostname)); + if (req->hostname != NULL) { + req->parsed_uri.hostname = chunk_strdup(req, req->hostname, strlen(req->hostname)); + } else { + req->parsed_uri.hostname = NULL; + } lang = apr_table_get(req->headers_in, "Content-Languages"); if (lang != NULL) {
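Review bot: In the new else branch of the `@@ -325,7 +325,11 @@` hunk, `req->parsed_uri.hostname` is set to NULL while `req->hostname` also stays NULL, so the guard only covers this one `strlen(req->hostname)` call. Any later reader of either field for a request without a Host header has to tolerate NULL as well. It would help to confirm that for the rest of `modsecurity_process()` and to add a one-line comment above the `if` saying that a missing Host header is an expected input (HTTP/1.0 requests may omit it), so the check is not later removed as redundant. Separately, the result of `chunk_strdup(...)` in the non-NULL branch is assigned without being checked in the lines shown; if that helper can fail and return NULL, the same tolerance is needed there. A minor style point: the explicit `else` could be dropped by assigning `req->parsed_uri.hostname = NULL;` before the `if`, which would match the shape of the `if (lang != NULL)` block that follows.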