From: bluhm Date: Mon, 18 May 2015 16:45:16 +0000 (+0000) Subject: The first line of a HTTP request is the method-url-version. The X-Git-Url: http://artulab.com/gitweb/?a=commitdiff_plain;h=9779e1083eaf0016c5af8941acee0dc760be3ce0;p=openbsd The first line of a HTTP request is the method-url-version. The second line is a key-value header. So you cannot append to the previous key-value before line three. Also reset the last header when all headers are purged to avoid a use after free. OK benno@ reyk@ --- diff --git a/usr.sbin/relayd/relay_http.c b/usr.sbin/relayd/relay_http.c index 97bff864226..4e3af605a15 100644 --- a/usr.sbin/relayd/relay_http.c +++ b/usr.sbin/relayd/relay_http.c @@ -1,4 +1,4 @@ -/* $OpenBSD: relay_http.c,v 1.44 2015/04/29 08:41:24 bluhm Exp $ */ +/* $OpenBSD: relay_http.c,v 1.45 2015/05/18 16:45:16 bluhm Exp $ */ /* * Copyright (c) 2006 - 2015 Reyk Floeter @@ -149,6 +149,7 @@ relay_httpdesc_free(struct http_descriptor *desc) desc->query_val = NULL; } kv_purge(&desc->http_headers); + desc->http_lastheader = NULL; } void @@ -213,7 +214,7 @@ relay_read_http(struct bufferevent *bev, void *arg) else value = strchr(key, ':'); if (value == NULL) { - if (cre->line == 1) { + if (cre->line <= 2) { free(line); relay_abort_http(con, 400, "malformed", 0); return;