From 632b54ebfc8847037d1a0537c536be53fc0a7214 Mon Sep 17 00:00:00 2001 From: Christopher Faulet Date: Fri, 24 Apr 2026 11:06:16 +0200 Subject: [PATCH] BUG/MEDIUM: http-htx: Don't use data from HTX message to update authority When a host header value is updated, the authority can also be updated accordingly. When it is performed, we must not use the new host header value from the HTX message. Instead we must use the data passed as argument. It is unexpected but the host header can have several comma-separated values. Using the full header value can lead to unexpected result. Note: having multiple comma-separated values for the host header should not be supported. The comma should be part of the host value. But it is quite ambiguous. This will be fixed in another commit. This patch must be backported to all stable versions. --- src/http_htx.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) diff --git a/src/http_htx.c b/src/http_htx.c index c80356364..c25ab6991 100644 --- a/src/http_htx.c +++ b/src/http_htx.c @@ -669,7 +669,6 @@ int http_replace_header_value(struct htx *htx, struct http_hdr_ctx *ctx, const s blk = htx_replace_blk_value(htx, blk, ist2(start, len), data); if (!blk) goto fail; - v = htx_get_blk_value(htx, blk); sl = http_get_stline(htx); @@ -677,7 +676,7 @@ int http_replace_header_value(struct htx *htx, struct http_hdr_ctx *ctx, const s struct ist n = htx_get_blk_name(htx, blk); if (isteq(n, ist("host"))) { - if (!http_update_authority(htx, sl, v)) + if (!http_update_authority(htx, sl, data)) goto fail; ctx->blk = NULL; http_find_header(htx, ist("host"), ctx, 1);
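Review bot: The call `http_update_authority(htx, sl, data)` in the second hunk now installs the caller-supplied replacement verbatim as the authority, and nothing visible here checks that `data` is non-empty or free of commas and surrounding whitespace; whether http_update_authority() validates it cannot be seen from this hunk. When the replaced range `ist2(start, len)` covers only part of the header value, the Host header and the start-line authority can end up different, which matters to any rule that routes or filters on only one of them, so a regression test that replaces one value of a multi-valued host header would pin the intended result. A short comment above the call would keep the choice from being reverted later, e.g. `/* use the caller's replacement, not the block value: the header may hold several comma-separated values */`. The function body starts and ends outside both hunks, so it is worth confirming that `v` is still used elsewhere in it after the first hunk drops its assignment, or removing the declaration.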