From: Willy Tarreau <w@1wt.eu>
Date: Wed, 31 Mar 2021 09:41:36 +0000 (+0200)
Subject: BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields
X-Git-Url: http://git.haproxy.org/?a=commitdiff_plain;h=542e64495d6967df35adc3dd481cefefc462f0bd;p=haproxy-2.1.git

BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields

The fix in commit 7b0e00d94 ("BUG/MINOR: http_fetch: make hdr_ip() reject
trailing characters") made hdr_ip() more sensitive to empty fields, for
example if a trusted proxy incorrectly sends the header with an empty
value, we could return 0.0.0.0 which is not correct. Let's make sure we
only assign an IPv4 type here when a non-empty address was found.

This should be backported to all branches where the fix above was
backported.

(cherry picked from commit 645dc08533531416b91ca74ff5aa03154dc0ee50)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 48b6abfdbb9eaba62797bc7af86392b53c67c19d)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 25b66ddf2cd7246aa9f79aa6dce40a5363ca9ffe)
Signed-off-by: Willy Tarreau <w@1wt.eu>
---

diff --git a/src/http_fetch.c b/src/http_fetch.c
index e07bab4..f256fad 100644
--- a/src/http_fetch.c
+++ b/src/http_fetch.c
@@ -975,7 +975,7 @@ static int smp_fetch_hdr_ip(const struct arg *args, struct sample *smp, const ch
 			       smp->data.u.str.data);
 			temp->area[smp->data.u.str.data] = '\0';
 			len = url2ipv4((char *) temp->area, &smp->data.u.ipv4);
-			if (len == smp->data.u.str.data) {
+			if (len > 0 && len == smp->data.u.str.data) {
 				/* plain IPv4 address */
 				smp->data.type = SMP_T_IPV4;
 				break;