On 22/11/2012 2:44 p.m., Alex Rousskov wrote:
> Hello,
>
> Squid req_header ACL cannot match valid HTTP headers with empty
> values. The attached patch makes it possible. I tried to limit the
> changes to address this specific use case. It would be good to also
> review other HttpHeader::get*() uses to check whether they mistreat
> empty header fields, but that task is left for another volunteer.
>
>
> Warning: Some req_header and rep_header ACLs that were [accidentally]
> not matching empty headers (e.g., "^$" or ".*") will now start matching
> them.
>
>
> A new HttpHeader::getByNameIfPresent() method is added to be able to
> detect presence of empty header fields while ACLHTTPHeaderData::match()
> is adjusted to convert undefined String values into empty c-strings ("")
> for ACLRegexData::match() to work.
>
> Prior to these changes, when trying to match an empty header value with
> a regex like "^$", ACLHTTPHeaderData::match() would return false because:
>
> * HttpHeader::getStrOrList() and getByName() return an undefined String.
> * String::termedBuf() returns NULL for undefined Strings; and
> * ACLRegexData::match() always fails on NULL c-strings.
>
>
> Thank you,
>
> Alex.
> P.S. This v3.2 patch needs a fuzz factor to apply to current trunk.
+1. Okay by me.
FTR I think the protocol has fallen off the deep end permitting these
types of headers. But we have to handle them.
Amos
Received on Thu Nov 22 2012 - 12:16:46 MST
This archive was generated by hypermail 2.2.0 : Thu Nov 22 2012 - 12:00:08 MST