From 4d3cece251f7feff661782638fa14c5a50d715f5 Mon Sep 17 00:00:00 2001
From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Sun, 17 Apr 2016 22:54:24 +1200
Subject: [PATCH] Bug 4465: Header forgery detection leads to crash

---
 src/client_side_request.cc | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/src/client_side_request.cc b/src/client_side_request.cc
index e2b3e1010e..cbcc9bc9f0 100644
--- a/src/client_side_request.cc
+++ b/src/client_side_request.cc
@@ -554,7 +554,8 @@ ClientRequestContext::hostHeaderVerifyFailed(const char *A, const char *B)
 
     debugs(85, DBG_IMPORTANT, "SECURITY ALERT: Host header forgery detected on " <<
            http->getConn()->clientConnection << " (" << A << " does not match " << B << ")");
-    debugs(85, DBG_IMPORTANT, "SECURITY ALERT: By user agent: " << http->request->header.getStr(HDR_USER_AGENT));
+    if (const char *ua = http->request->header.getStr(HDR_USER_AGENT))
+        debugs(85, DBG_IMPORTANT, "SECURITY ALERT: By user agent: " << ua);
     debugs(85, DBG_IMPORTANT, "SECURITY ALERT: on URL: " << urlCanonical(http->request));
 
     // IP address validation for Host: failed. reject the connection.
-- 
2.47.2