From: Willy Tarreau Date: Tue, 26 May 2026 06:47:11 +0000 (+0200) Subject: BUG/MINOR: http-ext: always check remaining data when reading rfc7239 nodeport X-Git-Tag: v3.4-dev14~32 X-Git-Url: http://git.kaiwu.me/postgresql/log/contrib/postgres_fdw/NGINX-js-1660x332.png%20%22NGINX%20JavaScript%20Banner%22?a=commitdiff_plain;h=076655e18d901f158b12c34f1db0994b240ef8b9;p=haproxy.git BUG/MINOR: http-ext: always check remaining data when reading rfc7239 nodeport http_7239_extract_nodeport() reads the first byte of the passed string but the caller doesn't check that it's not empty, which can happen if passed as 'host="127.0.0.1:"'. In that case the function would read and return garbage that is present in the buffer after the colon. Let's just check the remaining length before reading. This can be backported to 2.8 as it was introduced with commit b2bb9257d2 ("MINOR: proxy/http_ext: introduce proxy forwarded option"). --- diff --git a/src/http_ext.c b/src/http_ext.c index a5e862d30..bed876ccc 100644 --- a/src/http_ext.c +++ b/src/http_ext.c @@ -356,7 +356,7 @@ static inline int http_7239_extract_node(struct ist *input, struct forwarded_hea if (!quoted) return 0; /* not supported */ *input = istnext(*input); - if (!http_7239_extract_nodeport(input, nodeport)) + if (!istlen(*input) || !http_7239_extract_nodeport(input, nodeport)) return 0; /* invalid nodeport */ out: /* ok */