Thank you for the update, we are running the patch Thierry provided with success, but we only do a lua call within the %[] almost identically to the simple reproducer I provided. I *think* we are safe considering we don't do any redirect in the way that your (Willy's) reproducer is doing it.
We will definitely look to upgrade to the next available stable version that includes the proper fix. Thanks again! Jesse On Tue, Feb 7, 2017 at 3:09 AM Willy Tarreau <[email protected]> wrote: > On Tue, Feb 07, 2017 at 11:21:20AM +0100, [email protected] > wrote: > > Hi, > > > > This bug should be backported from 1.5 to 1.7, and obviously in 1.8. > > unfortunately, the problem is nt cleanly fixed (it is just move), so we > > work on another - and definitive - fix. > > Indeed, just to give an idea, it breaks this : > > http-request redirect prefix "%[src,lower,base64]" > > $ curl -I http://127.0.0.1:8000/log > MTI3LjAuMC4xFound > Cache-Control: no-cache > Content-length: 0 > Location: MTI3LjAuMC4x/log > Connection: close > > I have an idea about a way to make the trash allocations safer, I may > come up with a patch. At least we have two distinct reproducers now. > > Willy >
