From: Christopher Faulet
Date: Mon, 4 May 2026 14:42:50 +0000 (+0200)
Subject: BUG/MINOR: http-fetch: Fix http_auth_bearer() when custom header is used
X-Git-Tag: v3.4-dev11~44
X-Git-Url: http://www.kaiwu.me/postgresql/commit/static/gitweb.js?a=commitdiff_plain;h=9095785203b89f2a525eac25b20d137bbba63729;p=haproxy.git

BUG/MINOR: http-fetch: Fix http_auth_bearer() when custom header is used

When http_auth_bearer() sample fetch function is called with a custom header and the header is not found or type didn't match 'Bearer', a mismatch must be reported instead of an empty string.

This patch should be backported as far as 2.6.
---

diff --git a/src/http_fetch.c b/src/http_fetch.c
index 384453418..b501ab096 100644
--- a/src/http_fetch.c
+++ b/src/http_fetch.c
@@ -1466,14 +1466,16 @@ static int smp_fetch_http_auth_bearer(const struct arg *args, struct sample *smp
 if (http_find_header(htx, hdr_name, &ctx, 0)) {
 struct ist type = istsplit(&ctx.value, ' ');
 
+ /* no space was found or the space is the first character or no "Bearer" method */
+ if (!istlen(type) || istlen(type) == istlen(ctx.value) || !isteqi(type, ist("Bearer")))
+ return 0;
+
 /* There must be "at least" one space character between
 * the scheme and the following value so ctx.value might
 * still have leading spaces here (see RFC7235).
 */
 ctx.value = istskip(ctx.value, ' ');
-
- if (isteqi(type, ist("Bearer")) && istlen(ctx.value))
- chunk_initlen(&bearer_val, istptr(ctx.value), 0, istlen(ctx.value));
+ chunk_initlen(&bearer_val, istptr(ctx.value), 0, istlen(ctx.value));
 }
 }
 else {
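Review bot: The `istlen(type) == istlen(ctx.value)` term in the added guard does not look like a "no space was found" test. `istsplit()` is handed `&ctx.value` and the lines below read the token from `ctx.value`, so by that point it presumably holds only the remainder after the first space. The two lengths are then equal whenever the remainder is as long as the scheme (for example any six-character token after `Bearer `), which would be reported as a mismatch, while a bare `Bearer` with no space leaves an empty remainder and passes the guard. The `&& istlen(ctx.value)` condition of the removed line is also gone, so `Bearer` followed only by spaces appears to reach `chunk_initlen()` with length 0, which is the empty-string result the commit message says should be a mismatch; rules that treat a present-but-empty token differently from a missing one would be affected. I would reduce the guard to `if (!isteqi(type, ist("Bearer")))` and add `if (!istlen(ctx.value)) return 0;` right after the `istskip()` line; the function body starts and ends outside this hunk, so how `bearer_val` is consumed afterwards is not visible here.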