Le 25/04/2019 à 16:50, PR Bot a écrit :
Dear list!
Author: Yann Cézard <ycez...@viareport.com>
Number of patches: 1
This is an automated relay of the Github pull request:
modescurity spoa (contrib) crash if Host header is absent in HTTP
request
Patch title(s):
If host header is NULL, don't try to strdup it.
Link:
https://github.com/haproxy/haproxy/pull/86
Edit locally:
wget https://github.com/haproxy/haproxy/pull/86.patch && vi 86.patch
Apply locally:
curl https://github.com/haproxy/haproxy/pull/86.patch | git am -
Description:
I discovered this bug when running OWASP regression tests against
HAProxy + modsecurity-spoa (it's a POC to evaluate how it is working).
I found out that modsecurity spoa will crash when the request doesn't
have any Host header.
Hi Yann,
Thanks. I pushed and backported this patch and the other one too. I
slightly updated the commit messages to follow CONTRIBUTING guidelines.
Please, try to follow them as far as possible the next time.
Regards,
--
Christopher Faulet