[Varnish] #1367: Varnish crashes if GET consists from whitespaces only
Varnish
varnish-bugs at varnish-cache.org
Tue Oct 29 15:41:27 CET 2013
#1367: Varnish crashes if GET consists from whitespaces only
--------------------+--------------------
Reporter: elurin | Type: defect
Status: new | Priority: normal
Milestone: | Component: build
Version: 3.0.4 | Severity: normal
Keywords: |
--------------------+--------------------
Description:
If GET parameter consists only from whitespaces a varnish child crashes.
Unfortunately, sometimes we have bad queries from clients with
whitespaces.
Steps to reproduce:
1. Create simple http request with several whitespaces after GET.
{{{
vec01g:/etc/varnish# telnet localhost 80
Trying ::1...
Connected to localhost.localdomain.
Escape character is '^]'.
GET
Host: example.com
Connection closed by foreign host.
}}}
2. Varnish crashes with trace:
{{{
Oct 29 17:43:23 vec01g Condition((t.b) != 0) not true.
Oct 29 17:43:23 vec01g thread = (cache-worker)
Oct 29 17:43:23 vec01g ident =
Linux,3.8.0-11-na,x86_64,-smalloc,-smalloc,-hcritbit,epoll
Oct 29 17:43:23 vec01g Backtrace:
Oct 29 17:43:23 vec01g 0x430c28: /usr/sbin/varnishd() [0x430c28]
Oct 29 17:43:23 vec01g 0x42d555: /usr/sbin/varnishd() [0x42d555]
Oct 29 17:43:23 vec01g 0x42dd79:
/usr/sbin/varnishd(http_FilterHeader+0x89) [0x42dd79]
Oct 29 17:43:23 vec01g 0x41a755: /usr/sbin/varnishd(CNT_Session+0x7f5)
[0x41a755]
Oct 29 17:43:23 vec01g 0x432971: /usr/sbin/varnishd() [0x432971]
Oct 29 17:43:23 vec01g 0x7fd813a349ca: /lib/libpthread.so.0(+0x69ca)
[0x7fd813a349ca]
Oct 29 17:43:23 vec01g 0x7fd81379170d: /lib/libc.so.6(clone+0x6d)
[0x7fd81379170d]
Oct 29 17:43:23 vec01g sp = 0x7fd740489008 {
Oct 29 17:43:23 vec01g fd = 3, id = 3, xid = 1901155339,
Oct 29 17:43:23 vec01g client = ::1 49391,
Oct 29 17:43:23 vec01g step = STP_PIPE,
Oct 29 17:43:23 vec01g handling = hash,
Oct 29 17:43:23 vec01g err_code = 413, err_reason = (null),
Oct 29 17:43:23 vec01g restarts = 1, esi_level = 0
Oct 29 17:43:23 vec01g flags =.
Oct 29 17:43:23 vec01g bodystatus = 4
Oct 29 17:43:23 vec01g ws = 0x7fd740489080 {.
Oct 29 17:43:23 vec01g id = "sess",
Oct 29 17:43:23 vec01g {s,f,r,e} = {0x7fd740489c78,+408,(nil),+262144},
Oct 29 17:43:23 vec01g },
Oct 29 17:43:23 vec01g http[req] = {
Oct 29 17:43:23 vec01g ws = 0x7fd740489080[sess]
Oct 29 17:43:23 vec01g "GET",
Oct 29 17:43:23 vec01g "
Oct 29 17:43:23 vec01g Host: example.com
Oct 29 17:43:23 vec01g host: example-internal.com",
Oct 29 17:43:23 vec01g "host: example-internal.com",
Oct 29 17:43:23 vec01g },
Oct 29 17:43:23 vec01g worker = 0x7fd74116da90 {
Oct 29 17:43:23 vec01g ws = 0x7fd74116dcc8 {.
Oct 29 17:43:23 vec01g id = "wrk",
Oct 29 17:43:23 vec01g {s,f,r,e} =
{0x7fd741155a20,0x7fd741155a20,(nil),+65536},
Oct 29 17:43:23 vec01g },
Oct 29 17:43:23 vec01g http[bereq] = {
Oct 29 17:43:23 vec01g ws = 0x7fd74116dcc8[wrk]
Oct 29 17:43:23 vec01g "GET",
Oct 29 17:43:23 vec01g "
Oct 29 17:43:23 vec01g Host: example.com
Oct 29 17:43:23 vec01g host: example-internal.com",
Oct 29 17:43:23 vec01g },
Oct 29 17:43:23 vec01g },
Oct 29 17:43:23 vec01g vcl = {
Oct 29 17:43:23 vec01g srcname = {
Oct 29 17:43:23 vec01g "input",
Oct 29 17:43:23 vec01g "Default",
Oct 29 17:43:23 vec01g "/etc/varnish/ban.list",
Oct 29 17:43:23 vec01g "/etc/varnish/backends-load.vcl",
Oct 29 17:43:23 vec01g },
Oct 29 17:43:23 vec01g },
Oct 29 17:43:23 vec01g },
Oct 29 13:43:23 vec01g varnishd[4942]: Child cleanup complete
}}}
Varnish version: 3.0.4
Ident: ident = Linux,3.8.0-11-na,x86_64,-smalloc,-smalloc,-hcritbit,epoll
Of course, we can normalize queries in the vec_recv section with
"if (req.url !~ "^/") {error 400;}" match,but this is a wooden leg.
--
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1367>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator
More information about the varnish-bugs
mailing list