mirror of
https://git.haproxy.org/git/haproxy.git/
synced 2025-09-21 13:51:26 +02:00
7b0e00d943
The hdr_ip() sample fetch function will try to extract IP addresses from a header field. These IP addresses are parsed using url2ipv4() and if it fails it will fall back to inet_pton(AF_INET6), otherwise will fail. There is a small problem there which is that if a field starts with an IP address and is immediately followed by some garbage, the IP address part is still returned. This is a problem with fields such as x-forwarded-for because it prevents detection of accidental corruption or bug along the chain. For example, the following string: x-forwarded-for: 1.2.3.4; 5.6.7.8 or this one: x-forwarded-for: 1.2.3.4O ( the last one being the letter 'O') would still return "1.2.3.4" despite the trailing characters. This is bad because it will silently cover broken code running on intermediary proxies and may even in some cases allow haproxy to pass improperly formatted headers after they were apparently validated, for example, if someone extracts the address from this field to place it into another one. This issue would only affect the IPv4 parser, because the IPv6 parser already uses inet_pton() which fails at the first invalid character and rejects trailing port numbers. In strict compliance with RFC7239, let's make sure that if there are any characters left in the string, the parsing fails and makes hdr_ip() return nothing. However, a special case has to be handled to support IPv4 addresses followed by a colon and a valid port number, because till now the parser used to implicitly accept them and it appears that this practice, though rare, does exist at least in Azure: https://docs.microsoft.com/en-us/azure/application-gateway/how-application-gateway-works This issue has always been there so the fix may be backported to all versions. It will need the following commit in order to work as expected: MINOR: tools: make url2ipv4 return the exact number of bytes parsed Many thanks to https://twitter.com/melardev and the BitMEX Security Team for their detailed report.
The HAProxy documentation has been split into a number of different files for ease of use. Please refer to the following files depending on what you're looking for : - INSTALL for instructions on how to build and install HAProxy - BRANCHES to understand the project's life cycle and what version to use - LICENSE for the project's license - CONTRIBUTING for the process to follow to submit contributions The more detailed documentation is located into the doc/ directory : - doc/intro.txt for a quick introduction on HAProxy - doc/configuration.txt for the configuration's reference manual - doc/lua.txt for the Lua's reference manual - doc/SPOE.txt for how to use the SPOE engine - doc/network-namespaces.txt for how to use network namespaces under Linux - doc/management.txt for the management guide - doc/regression-testing.txt for how to use the regression testing suite - doc/peers.txt for the peers protocol reference - doc/coding-style.txt for how to adopt HAProxy's coding style - doc/internals for developer-specific documentation (not all up to date)