From f37c16aadd0b5fffdb359f38967cc53240250577 Mon Sep 17 00:00:00 2001 From: Glenn Strauss Date: Fri, 31 Jan 2020 16:47:39 -0500 Subject: [PATCH] [core] fix one-byte OOB read (underflow) In some circumstances, if the character on the heap prior to the beginning of the request is '\r', then it would be overwritten with '\0' With default compiler flags, this does not appear to occur in practice and we therefore believe it to be a low-probability vulnerability. (thx Antonio Morales) This issue was discovered and reported by GSL team member @ antonio-morales (Antonio Morales) --- src/request.c | 2 -- 1 file changed, 2 deletions(-) diff --git a/src/request.c b/src/request.c index 7ce30869..9be71b1e 100644 --- a/src/request.c +++ b/src/request.c @@ -603,9 +603,7 @@ static size_t http_request_parse_reqline(server *srv, connection *con, buffer *h size_t j, jlen; /* \r\n -> \0\0 */ - #ifdef __COVERITY__ if (0 == i) return 400; - #endif if (ptr[i-1] == '\r') { ptr[i-1] = '\0'; } else if (http_header_strict) { /* '\n' */
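Review bot: The now-unconditional `if (0 == i) return 400;` in http_request_parse_reqline() has no comment explaining why it must stay. The removed `#ifdef __COVERITY__` wrapper shows the check was previously compiled only for the analyzer, so a later cleanup could easily drop it again. Suggest a one-line comment stating that when i is 0, `ptr[i-1]` indexes the byte before the start of the buffer, which the following lines both read (`ptr[i-1] == '\r'`) and write (`ptr[i-1] = '\0';`). A regression test that drives this function with input for which i is 0 and expects a 400 response would pin the behaviour down. The subject line also says "OOB read" while the message body describes the preceding heap byte being overwritten with '\0'; wording the subject as a one-byte out-of-bounds read/write would match what the code does.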