[prev in list] [next in list] [prev in thread] [next in thread]
List: varnish-commit
Subject: [master] 3a6c4d5 Limit length of header names to not overflow length byte
From: Poul-Henning Kamp <phk () FreeBSD ! org>
Date: 2016-11-29 12:26:05
Message-ID: E1cBhU5-0002P2-FH () project ! varnish-software ! com
[Download RAW message or body]
commit 3a6c4d5f3199c93b6d400ebd1af782a78d0ea921
Author: Poul-Henning Kamp <phk@FreeBSD.org>
Date: Tue Nov 29 10:39:25 2016 +0000
Limit length of header names to not overflow length byte
diff --git a/bin/varnishtest/tests/v00021.vtc b/bin/varnishtest/tests/v00021.vtc
index 664a836..04a8ddc 100644
--- a/bin/varnishtest/tests/v00021.vtc
+++ b/bin/varnishtest/tests/v00021.vtc
@@ -1,4 +1,4 @@
-varnishtest "VCL compiler coverage test: vcc_xref.c"
+varnishtest "VCL compiler coverage test: vcc_xref.c vcc_var.c vcc_symb.c"
varnish v1 -errvcl {Variable 'obj.ttl' is read only.} {
backend b { .host = "127.0.0.1"; }
@@ -72,3 +72,21 @@ varnish v1 -errvcl {Invalid return "deliver"} {
return (deliver);
}
}
+
+varnish v1 -errvcl {HTTP header (buckinghambuckingham..) is too long.} {
+
+ backend foo { .host = "${bad_ip}"; .port = "9080"; }
+
+ sub vcl_deliver {
+ set resp.http.buckinghambuckinghambuckinghambuckinghambuckinghambuckinghambuckinghambuckinghambuckinghambuckinghambuckinghambuckinghambucking \
= "foobar"; + }
+}
+
+varnish v1 -vcl {
+
+ backend foo { .host = "${bad_ip}"; .port = "9080"; }
+
+ sub vcl_deliver {
+ set resp.http.buckinghambuckinghambuckinghambuckinghambuckinghambuckinghambuckinghambuckinghambuckinghambuckinghambuckinghambuckinghambuckin \
= "foobar"; + }
+}
diff --git a/lib/libvcc/vcc_var.c b/lib/libvcc/vcc_var.c
index eac452d..00fc022 100644
--- a/lib/libvcc/vcc_var.c
+++ b/lib/libvcc/vcc_var.c
@@ -51,6 +51,13 @@ vcc_Var_Wildcard(struct vcc *tl, struct symbol *parent,
vh = parent->wildcard_priv;
assert(vh->fmt == HEADER);
+ if (b + 127 <= e) {
+ VSB_printf(tl->sb, "HTTP header (%.20s..) is too long.\n", b);
+ VSB_cat(tl->sb, "\nAt: ");
+ vcc_ErrWhere(tl, tl->t);
+ return;
+ }
+
v = TlAlloc(tl, sizeof *v);
AN(v);
v->r_methods = vh->r_methods;
@@ -100,6 +107,8 @@ vcc_FindVar(struct vcc *tl, const struct token *t, int wr_access,
const struct symbol *sym;
sym = VCC_SymbolTok(tl, NULL, t, SYM_VAR, 0);
+ if (tl->err)
+ return (NULL);
if (sym != NULL) {
if (wr_access && sym->w_methods == 0) {
VSB_printf(tl->sb, "Variable ");
_______________________________________________
varnish-commit mailing list
varnish-commit@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-commit
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic