From a16f357ba18baf7f7c39c7045373c2dbfbaac9a6 Mon Sep 17 00:00:00 2001
From: Leonardo Sarra <leonardo.sarra@est.tech>
Date: Mon, 5 Aug 2024 10:44:03 +0000
Subject: [PATCH] fix use-after-free bug

Signed-off-by: Leonardo Sarra <leonardo.sarra@est.tech>
---
 source/common/router/router.cc | 6 +++---
 1 file changed, 3 insertions(+), 3 deletions(-)

diff --git a/source/common/router/router.cc b/source/common/router/router.cc
index a076fae2e132f..0b4a83d0b094b 100644
--- a/source/common/router/router.cc
+++ b/source/common/router/router.cc
@@ -580,10 +580,10 @@ Http::FilterHeadersStatus Filter::decodeHeaders(Http::RequestHeaderMap& headers,
       (upstream_http_protocol_options.value().auto_sni() ||
        upstream_http_protocol_options.value().auto_san_validation())) {
     // Default the header to Host/Authority header.
-    auto header_value = headers.getHostValue();
-    if (Runtime::runtimeFeatureEnabled(
+    std::string header_value = route_entry_->getRequestHostValue(headers);
+    if (!Runtime::runtimeFeatureEnabled(
             "envoy.reloadable_features.use_route_host_mutation_for_auto_sni")) {
-      header_value = route_entry_->getRequestHostValue(headers);
+      header_value = std::string(headers.getHostValue());
     }
 
     // Check whether `override_auto_sni_header` is specified.