BUG/MEDIUM: http-act: Don't replace URI if path is not found or invalid

For replace-path, replace-pathq and replace-uri actions, we must take care
to not match on the selected element if it is not defined.

regex_exec_match2() function expects to be called with a defined
subject. However, if the request path is invalid or not found, the function
is called with a NULL subject, leading to a crash when compiled without the
PCRE/PCRE2 support.

For instance the following rule crashes HAProxy on a CONNECT request:

    http-request replace-path /short/(.) /\1

This patch must be backported as far as 2.0.
(cherry picked from commit 114e759d5d5e9d93e0c5993f49e3de3ec5dcbf3b)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
(cherry picked from commit 27ef430cd71c42453089747e5ccdfcf1a58efad8)
Signed-off-by: Christopher Faulet <cfaulet@haproxy.com>
diff --git a/src/http_act.c b/src/http_act.c
index 12a9a9f..8574a7d 100644
--- a/src/http_act.c
+++ b/src/http_act.c
@@ -526,6 +526,9 @@
else if (rule->action == 4) // replace-pathq
uri = http_get_path(uri);
+ if (!istlen(uri))
+ goto leave;
+
if (!regex_exec_match2(rule->arg.http.re, uri.ptr, uri.len, MAX_MATCH, pmatch, 0))
goto leave;
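Review bot: the new `if (!istlen(uri))` guard before `regex_exec_match2()` carries no comment, and it tests the length while the commit message describes the failure as a NULL subject. A one-line comment above it should say that an undefined or empty path (for example on a CONNECT request) is deliberately handled like a non-matching regex, since both cases now take the same `goto leave` and the rule is skipped without any trace. It would also help to add a regression test that sends a CONNECT request through a `replace-path` rule, so the crash described in the message stays covered on builds without PCRE/PCRE2.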