List: varnish-commit
Subject: [3.0] 6f5812c Return 503 when Vary-headers references header names more than 127 (out limit) characters long
From: Martin Blix Grydeland <martin () varnish-cache ! org>
Date: 2013-03-19 15:35:49
Message-ID: E1UHyZp-0002fs-JQ () project ! varnish-software ! com
commit 6f5812c528430fabd175611aeb51b0c9c8dc42b0
Author: Martin Blix Grydeland <martin@varnish-software.com>
Date: Mon Mar 18 17:00:57 2013 +0100
Return 503 when Vary-headers references header names more than 127
(out limit) characters long.
Fixes: #1274
Test case by: Dag Haavi Finstad
diff --git a/bin/varnishd/cache_vary.c b/bin/varnishd/cache_vary.c
index c53a19a..65a1978 100644
--- a/bin/varnishd/cache_vary.c
+++ b/bin/varnishd/cache_vary.c
@@ -105,6 +105,12 @@ VRY_Create(const struct sess *sp, const struct http *hp, struct \
vsb **psb) for (q = p; *q && !vct_issp(*q) && *q != ','; q++)
continue;
+ if (q - p > INT8_MAX) {
+ WSP(sp, SLT_Error, "Vary header name length exceeded");
+ error = 1;
+ break;
+ }
+
/* Build a header-matching string out of it */
VSB_clear(sbh);
VSB_printf(sbh, "%c%.*s:%c",
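Review bot: the bound `q - p > INT8_MAX` matches the stated limit (a name that no longer fits in a signed char is rejected, 127 is still accepted), but the log line "Vary header name length exceeded" gives the operator nothing to act on when the 503 shows up; consider logging the offending length and the limit, e.g. `WSP(sp, SLT_Error, "Vary header name length %ld exceeds %d", (long)(q - p), INT8_MAX);`, since WSP takes a printf-style format. The hunk also does not show where `error` is declared or initialised before the loop, nor how the caller turns it into the 503; worth confirming in the surrounding code that `error` starts at 0 and that the `break` leaves `sbh` in a state the cleanup path tolerates after `VSB_clear`/`VSB_printf` have been skipped.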
diff --git a/bin/varnishtest/tests/r01274.vtc b/bin/varnishtest/tests/r01274.vtc
new file mode 100644
index 0000000..fe427cc
--- /dev/null
+++ b/bin/varnishtest/tests/r01274.vtc
@@ -0,0 +1,15 @@
+varnishtest "#1274 - panic when Vary field-name is too large to fit in a signed \
char" +
+server s1 {
+ rxreq
+ # Vary header more than 127 characters long
+ txresp -hdr "Vary: \
aaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaaa" \
+} -start
+
+varnish v1 -vcl+backend { } -start
+
+client c1 {
+ txreq
+ rxresp
+ expect resp.status == 503
+} -run
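Review bot: the test only exercises the failing side of the limit (a name well beyond 127 characters expecting 503); since the fix is a strict `>` comparison against INT8_MAX, add a second request/response pair with a Vary field-name of exactly 127 characters and `expect resp.status == 200`, so an off-by-one in either direction is caught rather than only the panic regression. The comment "# Vary header more than 127 characters long" would also read better as "Vary field-name more than 127 characters long", since it is the name length, not the whole header, that the fix bounds.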
_______________________________________________
varnish-commit mailing list
varnish-commit@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-commit