commit 30df20de3d2428347fb0775f9ed736dfbaec875a
author Willy Tarreau <w@1wt.eu> Wed Mar 31 11:41:36 2021 +0200
committer Willy Tarreau <w@1wt.eu> Wed Mar 31 11:49:56 2021 +0200
tree 61a022b8b09e0c7b3352299cd11698383cbb42ee
parent 2dfb1574d1d5ae6197e63f97a2d3e547878a4408

BUG/MINOR: http_fetch: make hdr_ip() resistant to empty fields

The fix in commit 7b0e00d94 ("BUG/MINOR: http_fetch: make hdr_ip() reject
trailing characters") made hdr_ip() more sensitive to empty fields, for
example if a trusted proxy incorrectly sends the header with an empty
value, we could return 0.0.0.0 which is not correct. Let's make sure we
only assign an IPv4 type here when a non-empty address was found.

This should be backported to all branches where the fix above was
backported.

(cherry picked from commit 645dc08533531416b91ca74ff5aa03154dc0ee50)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 48b6abfdbb9eaba62797bc7af86392b53c67c19d)
Signed-off-by: Willy Tarreau <w@1wt.eu>
(cherry picked from commit 25b66ddf2cd7246aa9f79aa6dce40a5363ca9ffe)
Signed-off-by: Willy Tarreau <w@1wt.eu>

src/http_fetch.c

diff --git a/src/http_fetch.c b/src/http_fetch.c
index b3a5ea5..f2a74ba 100644
--- a/src/http_fetch.c
+++ b/src/http_fetch.c
@@ -1581,7 +1581,7 @@
 			       smp->data.u.str.data);
 			temp->area[smp->data.u.str.data] = '\0';
 			len = url2ipv4((char *) temp->area, &smp->data.u.ipv4);
-			if (len == smp->data.u.str.data) {
+			if (len > 0 && len == smp->data.u.str.data) {
 				/* plain IPv4 address */
 				smp->data.type = SMP_T_IPV4;
 				break;