Marc Stern
FYI: We've been using it on prod for 2 months on several huge sites
Can we be future-proof and find a standard for additional parameters? Like "@Operator @param1:value1 @param2:value2 target..." Examples:
- "@Pm @PmCustomSeparator:| htaccess|This is an error string| hi"
- "@contains @nocase:yes select...
I cannot provide more details but I can try to reexplain it in another way. In json_add_argument(), we calculate the offset of the data to sanitize the following way: arg->value_origin_offset...
I was able to reproduce it in debug and visualize it. It overwrites some random memory, leading (sometimes?) to a crash dump (exception on memory access).
> The relevant memset seems to be protected by a proper if-condition

Which one? I don't see any if condition protecting against that. Actually no condition could protect against that,...
The RPM is correct:
```
14:15:16[root@localhost rpm]rpm mypackage -q --recommends
bind-utils
bzip2
chrony
dnf-automatic
firewalld
geoipupdate
mod_maxminddb
net-tools
psmisc
rsyslog
socat
tar
```
By the way, geoipupdate & socat are installed automatically, while dnf-automatic is not!?!
Would it be possible to explain the current (buggy) behaviour? Does "Recommends" sometimes work or never? In which conditions? Is there any work-around? Is the problem present in yum as...
Anything else I can provide to help merging this PR?
Some more info: if I send in HTTPS 4 headers of 8 K each, I get the following exception
```
org.eclipse.jetty.http2.hpack.HpackException$SessionException: Could not hpack encode GET{u=https://vh1.waf-test.approach.be:443/TestSecHeadersSizeMax100k,HTTP/2.0,h=15,cl=-1,p=null}
	at org.eclipse.jetty.http2.hpack.HpackEncoder.encode(HpackEncoder.java:278)
	at org.eclipse.jetty.http2.generator.FrameGenerator.encode(FrameGenerator.java:56)...
```