[Varnish] #1367: Varnish crashes if GET consists from whitespaces only

Varnish varnish-bugs at varnish-cache.org
Tue Oct 29 15:41:27 CET 2013


#1367: Varnish crashes if GET consists from whitespaces only
--------------------+--------------------
 Reporter:  elurin  |       Type:  defect
   Status:  new     |   Priority:  normal
Milestone:          |  Component:  build
  Version:  3.0.4   |   Severity:  normal
 Keywords:          |
--------------------+--------------------
 Description:
 If the GET parameter consists only of whitespace, a varnish child crashes.
 Unfortunately, sometimes we have bad queries from clients with
 whitespace.
 Steps to reproduce:
 1. Create a simple HTTP request with several whitespace characters after GET.
 {{{
 vec01g:/etc/varnish# telnet localhost 80
 Trying ::1...
 Connected to localhost.localdomain.
 Escape character is '^]'.
 GET
 Host: example.com

 Connection closed by foreign host.

 }}}

 2. Varnish crashes with trace:

 {{{
 Oct 29 17:43:23 vec01g Condition((t.b) != 0) not true.
 Oct 29 17:43:23 vec01g thread = (cache-worker)
 Oct 29 17:43:23 vec01g ident =
 Linux,3.8.0-11-na,x86_64,-smalloc,-smalloc,-hcritbit,epoll
 Oct 29 17:43:23 vec01g Backtrace:
 Oct 29 17:43:23 vec01g 0x430c28: /usr/sbin/varnishd() [0x430c28]
 Oct 29 17:43:23 vec01g 0x42d555: /usr/sbin/varnishd() [0x42d555]
 Oct 29 17:43:23 vec01g 0x42dd79:
 /usr/sbin/varnishd(http_FilterHeader+0x89) [0x42dd79]
 Oct 29 17:43:23 vec01g 0x41a755: /usr/sbin/varnishd(CNT_Session+0x7f5)
 [0x41a755]
 Oct 29 17:43:23 vec01g 0x432971: /usr/sbin/varnishd() [0x432971]
 Oct 29 17:43:23 vec01g 0x7fd813a349ca: /lib/libpthread.so.0(+0x69ca)
 [0x7fd813a349ca]
 Oct 29 17:43:23 vec01g 0x7fd81379170d: /lib/libc.so.6(clone+0x6d)
 [0x7fd81379170d]
 Oct 29 17:43:23 vec01g sp = 0x7fd740489008 {
 Oct 29 17:43:23 vec01g fd = 3, id = 3, xid = 1901155339,
 Oct 29 17:43:23 vec01g client = ::1 49391,
 Oct 29 17:43:23 vec01g step = STP_PIPE,
 Oct 29 17:43:23 vec01g handling = hash,
 Oct 29 17:43:23 vec01g err_code = 413, err_reason = (null),
 Oct 29 17:43:23 vec01g restarts = 1, esi_level = 0
 Oct 29 17:43:23 vec01g flags =.
 Oct 29 17:43:23 vec01g bodystatus = 4
 Oct 29 17:43:23 vec01g ws = 0x7fd740489080 {.
 Oct 29 17:43:23 vec01g id = "sess",
 Oct 29 17:43:23 vec01g {s,f,r,e} = {0x7fd740489c78,+408,(nil),+262144},
 Oct 29 17:43:23 vec01g },
 Oct 29 17:43:23 vec01g http[req] = {
 Oct 29 17:43:23 vec01g ws = 0x7fd740489080[sess]
 Oct 29 17:43:23 vec01g "GET",
 Oct 29 17:43:23 vec01g "
 Oct 29 17:43:23 vec01g Host: example.com
 Oct 29 17:43:23 vec01g host: example-internal.com",
 Oct 29 17:43:23 vec01g "host: example-internal.com",
 Oct 29 17:43:23 vec01g },
 Oct 29 17:43:23 vec01g worker = 0x7fd74116da90 {
 Oct 29 17:43:23 vec01g ws = 0x7fd74116dcc8 {.
 Oct 29 17:43:23 vec01g id = "wrk",
 Oct 29 17:43:23 vec01g {s,f,r,e} =
 {0x7fd741155a20,0x7fd741155a20,(nil),+65536},
 Oct 29 17:43:23 vec01g },
 Oct 29 17:43:23 vec01g http[bereq] = {
 Oct 29 17:43:23 vec01g ws = 0x7fd74116dcc8[wrk]
 Oct 29 17:43:23 vec01g "GET",
 Oct 29 17:43:23 vec01g "
 Oct 29 17:43:23 vec01g Host: example.com
 Oct 29 17:43:23 vec01g host: example-internal.com",
 Oct 29 17:43:23 vec01g },
 Oct 29 17:43:23 vec01g },
 Oct 29 17:43:23 vec01g vcl = {
 Oct 29 17:43:23 vec01g srcname = {
 Oct 29 17:43:23 vec01g "input",
 Oct 29 17:43:23 vec01g "Default",
 Oct 29 17:43:23 vec01g "/etc/varnish/ban.list",
 Oct 29 17:43:23 vec01g "/etc/varnish/backends-load.vcl",
 Oct 29 17:43:23 vec01g },
 Oct 29 17:43:23 vec01g },
 Oct 29 17:43:23 vec01g },
 Oct 29 13:43:23 vec01g varnishd[4942]: Child cleanup complete
 }}}

 Varnish version: 3.0.4
 Ident: ident = Linux,3.8.0-11-na,x86_64,-smalloc,-smalloc,-hcritbit,epoll

 Of course, we can normalize queries in the vcl_recv section with an
 "if (req.url !~ "^/") {error 400;}" match, but this is a wooden leg.

-- 
Ticket URL: <https://www.varnish-cache.org/trac/ticket/1367>
Varnish <https://varnish-cache.org/>
The Varnish HTTP Accelerator
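
The panic in the report fires on an assertion that `t.b` is non-null after a request line that carries a method and nothing else. The following added example (not part of the original report and not Varnish's code) shows a request-line parser that rejects such a line with a 400 instead of passing an empty token downstream. The `tok` and `reqline` types and the function names are hypothetical, and requiring all three fields (so HTTP/0.9-style lines are refused) is an assumption of this sketch.

```c
#include <stdio.h>
#include <string.h>

/* Hypothetical token: begin/end pointers into the request buffer.
 * b == NULL means "not present". */
struct tok { const char *b, *e; };
struct reqline { struct tok method, target, proto; };

static const char *skip_sp(const char *p, const char *end) {
    while (p < end && (*p == ' ' || *p == '\t'))
        p++;
    return p;
}

/* Take one run of non-blank bytes; an empty run leaves the token NULL. */
static const char *take(const char *p, const char *end, struct tok *t) {
    const char *s = p = skip_sp(p, end);
    while (p < end && *p != ' ' && *p != '\t')
        p++;
    if (p > s) { t->b = s; t->e = p; }
    return p;
}

/* Returns 0 if the line has exactly method, target and version,
 * otherwise 400 with every token reset to NULL. */
int parse_request_line(const char *line, struct reqline *r) {
    const char *end = line + strcspn(line, "\r\n");
    const char *p;

    memset(r, 0, sizeof *r);
    p = take(line, end, &r->method);
    p = take(p, end, &r->target);
    p = take(p, end, &r->proto);
    if (!r->method.b || !r->target.b || !r->proto.b || skip_sp(p, end) != end) {
        memset(r, 0, sizeof *r);
        return 400;
    }
    return 0;
}

int main(void) {
    /* Constructed inputs: the second mirrors the request in the report. */
    const char *in[] = { "GET / HTTP/1.1\r\n", "GET   \r\n", "GET\r\n" };
    struct reqline r;
    for (size_t i = 0; i < sizeof in / sizeof in[0]; i++)
        printf("%d\n", parse_request_line(in[i], &r));
    return 0;
}
```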



