BUILD/MINOR: htx: fix some potential null-deref warnings with http_find_stline
http_find_stline() carefully verifies that it finds a start line otherwise
returns NULL when not found. But a few calling functions ignore this NULL
in return and dereference this pointer without checking. Let's add the
test where needed in the callers. If it turns out that over the long term
a start line is mandatory, then the test will be removed and the faulty
function will have to be simplified.
This must be backported to 1.9.
diff --git a/src/http_htx.c b/src/http_htx.c
index eb71354..a8c87b7 100644
--- a/src/http_htx.c
+++ b/src/http_htx.c
@@ -220,6 +220,9 @@
struct htx_sl *sl = http_find_stline(htx);
struct ist uri, vsn;
+ if (!sl)
+ return 0;
+
/* Start by copying old uri and version */
chunk_memcat(temp, HTX_SL_REQ_UPTR(sl), HTX_SL_REQ_ULEN(sl)); /* uri */
uri = ist2(temp->area, HTX_SL_REQ_ULEN(sl));
@@ -241,6 +244,9 @@
struct htx_sl *sl = http_find_stline(htx);
struct ist meth, vsn;
+ if (!sl)
+ return 0;
+
/* Start by copying old method and version */
chunk_memcat(temp, HTX_SL_REQ_MPTR(sl), HTX_SL_REQ_MLEN(sl)); /* meth */
meth = ist2(temp->area, HTX_SL_REQ_MLEN(sl));
@@ -262,6 +268,9 @@
struct ist meth, uri, vsn, p;
size_t plen = 0;
+ if (!sl)
+ return 0;
+
uri = htx_sl_req_uri(sl);
p = http_get_path(uri);
if (!p.ptr)
@@ -296,6 +305,9 @@
struct ist meth, uri, vsn, q;
int offset = 1;
+ if (!sl)
+ return 0;
+
uri = htx_sl_req_uri(sl);
q = uri;
while (q.len > 0 && *(q.ptr) != '?') {
@@ -337,6 +349,9 @@
struct htx_sl *sl = http_find_stline(htx);
struct ist vsn, reason;
+ if (!sl)
+ return 0;
+
/* Start by copying old uri and version */
chunk_memcat(temp, HTX_SL_RES_VPTR(sl), HTX_SL_RES_VLEN(sl)); /* vsn */
vsn = ist2(temp->area, HTX_SL_RES_VLEN(sl));
@@ -358,6 +373,9 @@
struct htx_sl *sl = http_find_stline(htx);
struct ist vsn, status;
+ if (!sl)
+ return 0;
+
/* Start by copying old uri and version */
chunk_memcat(temp, HTX_SL_RES_VPTR(sl), HTX_SL_RES_VLEN(sl)); /* vsn */
vsn = ist2(temp->area, HTX_SL_RES_VLEN(sl));