From 2d28367d472912168e72df635b8dc2c40bbafa0c Mon Sep 17 00:00:00 2001
From: benno <benno@openbsd.org>
Date: Sun, 13 Jul 2014 00:18:05 +0000
Subject: [PATCH] repair matching of headers, add regress test for this error
 ok reyk

---
 .../usr.sbin/relayd/args-http-mark-marked2.pl | 43 +++++++++++++++++++
 usr.sbin/relayd/relay_http.c                  |  9 +++-
 2 files changed, 51 insertions(+), 1 deletion(-)
 create mode 100644 regress/usr.sbin/relayd/args-http-mark-marked2.pl

diff --git a/regress/usr.sbin/relayd/args-http-mark-marked2.pl b/regress/usr.sbin/relayd/args-http-mark-marked2.pl
new file mode 100644
index 00000000000..234c8af114e
--- /dev/null
+++ b/regress/usr.sbin/relayd/args-http-mark-marked2.pl
@@ -0,0 +1,43 @@
+# match and set header with tags
+
+use strict;
+use warnings;
+
+my %header_client = (
+    "User-Agent" => "Mozilla Bla",
+    "MyHeader" => "UnmatchableContent",
+);
+
+our %args = (
+    client => {
+	func => \&http_client,
+	header => \%header_client,
+	len => 33,
+    },
+    relayd => {
+	protocol => [ "http",
+	    # setting the User-Agent should succeed
+	    'match request header "User-Agent" value "Mozilla*" tag BORK',
+	    'match request header set "User-Agent" value "BORK" tagged BORK',
+	    'match request header log "User-Agent"',
+	    # setting MyHeader should not happen
+	    'match request header "MyHeader" value "SomethingDifferent" tag FOO',
+	    'match request header set "MyHeader" value "FOO" tagged FOO',
+	    'match request header log "MyHeader"',
+	],
+	loggrep => {
+	    'User-Agent: BORK' => 1,
+	    'MyHeader: FOO' => 0,
+	},
+    },
+    server => {
+	func => \&http_server,
+	loggrep => {
+	    "User-Agent: BORK" => 1,
+	    "MyHeader: FOO" => 0,
+	}
+    },
+    len => 33,
+);
+
+1;
diff --git a/usr.sbin/relayd/relay_http.c b/usr.sbin/relayd/relay_http.c
index 9e30487d525..ede8aa4751b 100644
--- a/usr.sbin/relayd/relay_http.c
+++ b/usr.sbin/relayd/relay_http.c
@@ -1,4 +1,4 @@
-/*	$OpenBSD: relay_http.c,v 1.27 2014/07/12 15:47:18 benno Exp $	*/
+/*	$OpenBSD: relay_http.c,v 1.28 2014/07/13 00:18:05 benno Exp $	*/
 
 /*
  * Copyright (c) 2006 - 2014 Reyk Floeter <reyk@openbsd.org>
@@ -1229,6 +1229,13 @@ relay_httpheader_test(struct ctl_relay_event *cre, struct relay_rule *rule,
 	} else if (match == NULL) {
 		/* Fail if header doesn't exist */
 		return (-1);
+	} else {
+		if (fnmatch(kv->kv_key, match->kv_key, FNM_CASEFOLD) == FNM_NOMATCH)
+			return (-1);
+		if (kv->kv_value != NULL &&
+		    match->kv_value != NULL &&
+		    fnmatch(kv->kv_value, match->kv_value, 0) == FNM_NOMATCH)
+			return (-1);
 	}
 
 	relay_match(actions, kv, match, &desc->http_headers);
-- 
2.20.1