Hi Andrew,

On Mon, Apr 27, 2015 at 04:49:36PM -0500, Andrew Hayworth wrote:
> Hi Willy -
> 
> Sorry about the delay. I had to work on some other projects, and just
> got back to this.

Oh don't worry, I know this situation too well!

(...)
> On Wed, Apr 15, 2015 at 4:12 AM, Willy Tarreau <w...@1wt.eu> wrote:
> > There, if I send "GET \r\n\r\n", what will happen is that both spc and end
> > will point to the same space, resulting in <nchar> being -1, so you can
> > already see the segfault in memmove() and later. Also you need to keep in
> > mind that multiple spaces are tolerated and that tabs are tolerated as
> > well, but they're encoded as "#09" after encode_string().
> 
> I wasn't aware that either "GET \r\n\r\n" or tabs were valid in the HTTP
> request line, but if the HAProxy parser tolerates it then the logging should
> definitely not blow up if such a request comes through!

This one is not valid but anyone could send it (I did it by hand)
and haproxy must resist this without crashing :-) And multiple
spaces/tabs are allowed.

> I've attached a patch that I believe addresses all of your feedback.
> Let me know what you think!

I'll try to assign some time today to review it and will keep you
informed.

Thanks!
Willy
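
The failure discussed in this thread (a request line such as "GET \r\n\r\n" leaving no URI between the separators, so a computed length goes negative before memmove()) can be avoided by checking offsets before subtracting. The following is an added example, not part of the original thread and not HAProxy's code; the helper names `reqline_uri` and `reqline_copy_uri` are hypothetical, and it assumes the raw request line as input, before any encode_string()-style escaping.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical helpers, not HAProxy code. Input is the raw request line. */
static int is_lws(char c) { return c == ' ' || c == '\t'; }

/* Find the URI in "METHOD LWS URI LWS VERSION". Returns its length and sets
 * *uri to its start, or returns 0 with *uri == NULL when no URI is present.
 * Offsets are unsigned and compared before subtracting, so a degenerate
 * line can never produce a negative length for memcpy()/memmove(). */
size_t reqline_uri(const char *line, size_t len, const char **uri)
{
    size_t i = 0, start, end;

    *uri = NULL;
    for (size_t k = 0; k < len; k++)            /* cut at first CR or LF */
        if (line[k] == '\r' || line[k] == '\n') { len = k; break; }
    while (i < len && !is_lws(line[i])) i++;    /* method */
    while (i < len && is_lws(line[i])) i++;     /* one or more SP/HT */
    start = i;
    while (i < len && !is_lws(line[i])) i++;    /* URI token */
    end = i;
    if (end <= start)                           /* "GET \r\n": no URI */
        return 0;
    *uri = line + start;
    return end - start;
}

/* Copy the URI into dst, NUL-terminated and truncated to dstsz - 1 bytes. */
size_t reqline_copy_uri(const char *line, size_t len, char *dst, size_t dstsz)
{
    const char *uri;
    size_t n = reqline_uri(line, len, &uri);

    if (dstsz == 0) return 0;
    if (n >= dstsz) n = dstsz - 1;
    if (n) memcpy(dst, uri, n);
    dst[n] = '\0';
    return n;
}

int main(void)
{
    /* Constructed sample request lines. */
    const char *s[] = { "GET \r\n\r\n", "GET \t /a\t HTTP/1.1\r\n", "GET" };
    char buf[64];
    for (size_t k = 0; k < 3; k++)
        printf("%zu \"%s\"\n", reqline_copy_uri(s[k], strlen(s[k]), buf, sizeof buf), buf);
    return 0;
}
```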

