From dcecb7ac18396bf1066851562a6e9388528fdde1 Mon Sep 17 00:00:00 2001 From: InterLinked1 <24227567+InterLinked1@users.noreply.github.com> Date: Sat, 18 Nov 2023 20:03:46 -0500 Subject: [PATCH] mod_http_proxy: Fix CONNECT crash if missing hostname. If the request line does not include a hostname for CONNECT proxy requests, we could copy from a NULL source buffer, leading to a SEGV. If this happens, the request is malformed, so just abort.
---
 modules/mod_asterisk_queues.c | 2 -- modules/mod_http_proxy.c | 4 ++++ 2 files changed, 4 insertions(+), 2 deletions(-)
diff --git a/modules/mod_asterisk_queues.c b/modules/mod_asterisk_queues.c
index b4a14c98..532fe126 100644
--- a/modules/mod_asterisk_queues.c
+++ b/modules/mod_asterisk_queues.c
@@ -155,8 +155,6 @@ int bbs_queue_call_handler_unregister(const char *name)
 return 0;
 }
-//static pthread_mutex_t queue_lock = PTHREAD_MUTEX_INITIALIZER;
-
 static char system_title[42];
 static char call_menu_title[48];
 static char queue_id_var[64];
diff --git a/modules/mod_http_proxy.c b/modules/mod_http_proxy.c
index 67c316fd..0b409547 100644
--- a/modules/mod_http_proxy.c
+++ b/modules/mod_http_proxy.c
@@ -218,6 +218,10 @@ static enum http_response_code proxy_handler(struct http_session *http)
 /* Want the host without the port attached */
 if (http->req->method & HTTP_METHOD_CONNECT) {
+ if (strlen_zero(http->req->host)) {
+ bbs_warning("CONNECT request missing hostname\n");
+ return HTTP_BAD_REQUEST;
+ }
 bbs_strncpy_until(hostbuf, http->req->host, sizeof(hostbuf), ':'); /* Strip : */
 host = hostbuf;
 } else {
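Review bot: The new guard in the CONNECT branch of proxy_handler rejects only a NULL or empty `http->req->host`, so a request target that begins with `:` (a port with no hostname) still passes it and leaves `hostbuf` empty after `bbs_strncpy_until`. If the code that later consumes `host` assumes a non-empty name, the same malformed-request class is only partly covered; a second check after the copy, `if (strlen_zero(hostbuf)) { return HTTP_BAD_REQUEST; }`, would close it. The warning is also emitted for every such request from any client that can reach the proxy, so it may be worth logging at a lower level or including the peer address so that repeated probes can be attributed. The function body and the `else` branch continue outside the hunk, so whether the non-CONNECT path tolerates a missing host cannot be confirmed from here.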