From 9095785203b89f2a525eac25b20d137bbba63729 Mon Sep 17 00:00:00 2001
From: Christopher Faulet
Date: Mon, 4 May 2026 16:42:50 +0200
Subject: [PATCH] BUG/MINOR: http-fetch: Fix http_auth_bearer() when custom header is used

When http_auth_bearer() sample fetch function is called with a custom header and the header is not found or type didn't match 'Bearer', a mismatch must be reported instead of an empty string.

This patch should be backported as far as 2.6.
---
 src/http_fetch.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/src/http_fetch.c b/src/http_fetch.c
index 384453418..b501ab096 100644
--- a/src/http_fetch.c
+++ b/src/http_fetch.c
@@ -1466,14 +1466,16 @@ static int smp_fetch_http_auth_bearer(const struct arg *args, struct sample *smp
 if (http_find_header(htx, hdr_name, &ctx, 0)) {
 struct ist type = istsplit(&ctx.value, ' ');

+ /* no space was found or the space is the first character or no "Bearer" method */
+ if (!istlen(type) || istlen(type) == istlen(ctx.value) || !isteqi(type, ist("Bearer")))
+ return 0;
+
 /* There must be "at least" one space character between
 * the scheme and the following value so ctx.value might
 * still have leading spaces here (see RFC7235).
 */
 ctx.value = istskip(ctx.value, ' ');
-
- if (isteqi(type, ist("Bearer")) && istlen(ctx.value))
- chunk_initlen(&bearer_val, istptr(ctx.value), 0, istlen(ctx.value));
+ chunk_initlen(&bearer_val, istptr(ctx.value), 0, istlen(ctx.value));
 }
 }
 else {
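Review bot: In the new guard, `istlen(type) == istlen(ctx.value)` is evaluated after `istsplit()` has already consumed the scheme, so if `ctx.value` then holds only the remainder, as the RFC7235 comment just below implies, it compares the scheme length with the credential length instead of detecting a missing space. On that reading a header carrying only `Bearer` (or `Bearer` followed by spaces) still produces an empty-string sample now that the old `istlen(ctx.value)` test is gone, while a six-character token is reported as a mismatch; a rule that only tests the fetch with `-m found` would then treat an empty credential as present. Testing after the skip covers the no-space, leading-space, wrong-scheme and empty-credential cases in one place: `if (!isteqi(type, ist("Bearer")) || !istlen(ctx.value)) return 0;` placed right after `ctx.value = istskip(ctx.value, ' ');`. The header-not-found path is not changed inside this hunk and the function's tail lies outside it, so whether that case now returns 0 cannot be confirmed from here.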