[prev in list] [next in list] [prev in thread] [next in thread]
List: varnish-misc
Subject: Re: Detecting and fixing VSV00004 in older releases
From: Sylvain Beucler <beuc () beuc ! net>
Date: 2020-05-13 13:25:01
Message-ID: 7d2af31c-e7c3-58c9-bfb6-6e29748a3a2a () beuc ! net
[Download RAW message or body]
Hi,
On 13/05/2020 11:03, Dridi Boukelmoune wrote:
>> I tried to reproduce it myself today and I wasn't able to trigger the
>> leak on the master branch's commit prior to the fix. I asked
>> internally whether we have a reliable reproducer or if it's something
>> that needs a consequential workload to be observable.
>
> The step I was missing trying to reproduce this on my own was ensuring
> that the error reason is far enough in the client workspace to be
> leakable.
>
> It turns out we had a test case covering all 3 scenarios that was
> supposed to be pushed a while after the disclosure, but was forgotten.
>
> You can use this test case now before and after applying the patch:
>
> https://github.com/varnishcache/varnish-cache/commit/0c9c38513bdb7730ac886eba7563f2d87894d734
Thanks a lot!
I was able to check and fix one version (6.1.1), I'll now check the others.
Regards,
Sylvain Beucler
Debian LTS Team
_______________________________________________
varnish-misc mailing list
varnish-misc@varnish-cache.org
https://www.varnish-cache.org/lists/mailman/listinfo/varnish-misc
[prev in list] [next in list] [prev in thread] [next in thread]
Configure |
About |
News |
Add a list |
Sponsored by KoreLogic