mod_http_proxy: Fix CONNECT crash if missing hostname.

If the request line does not include a hostname for CONNECT proxy requests, we could copy from a NULL source buffer, leading to a SEGV. If this happens, the request is malformed, so just abort.
InterLinked1 · Nov 19, 2023 · dcecb7a · dcecb7a
1 parent 18e401f
commit dcecb7a
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 2 deletions.
diff --git a/modules/mod_asterisk_queues.c b/modules/mod_asterisk_queues.c
@@ -155,8 +155,6 @@ int bbs_queue_call_handler_unregister(const char *name)
 	return 0;
 }
 
-//static pthread_mutex_t queue_lock = PTHREAD_MUTEX_INITIALIZER;
-
 static char system_title[42];
 static char call_menu_title[48];
 static char queue_id_var[64];

diff --git a/modules/mod_http_proxy.c b/modules/mod_http_proxy.c
@@ -218,6 +218,10 @@ static enum http_response_code proxy_handler(struct http_session *http)
 
 	/* Want the host without the port attached */
 	if (http->req->method & HTTP_METHOD_CONNECT) {
+		if (strlen_zero(http->req->host)) {
+			bbs_warning("CONNECT request missing hostname\n");
+			return HTTP_BAD_REQUEST;
+		}
 		bbs_strncpy_until(hostbuf, http->req->host, sizeof(hostbuf), ':'); /* Strip : */
 		host = hostbuf;
 	} else {