r3500 - in trunk/varnish-cache/bin: varnishd varnishtest/tests
phk at projects.linpro.no
phk at projects.linpro.no
Sat Jan 10 23:27:39 CET 2009
Author: phk
Date: 2009-01-10 23:27:39 +0100 (Sat, 10 Jan 2009)
New Revision: 3500
Added:
trunk/varnish-cache/bin/varnishtest/tests/r00387.vtc
Modified:
trunk/varnish-cache/bin/varnishd/cache_fetch.c
Log:
Don't panic if the chunked header is ridiculously long, just fail
the transaction.
Fixes #387
Modified: trunk/varnish-cache/bin/varnishd/cache_fetch.c
===================================================================
--- trunk/varnish-cache/bin/varnishd/cache_fetch.c 2009-01-10 22:14:58 UTC (rev 3499)
+++ trunk/varnish-cache/bin/varnishd/cache_fetch.c 2009-01-10 22:27:39 UTC (rev 3500)
@@ -110,7 +110,8 @@
/* If we didn't succeed, add to buffer, try again */
if (q == NULL || q == buf || *q != '\n') {
- xxxassert(be > bp);
+ if (bp >= be)
+ return (-1);
/*
* The semantics we need here is "read until you have
* received at least one character, but feel free to
Added: trunk/varnish-cache/bin/varnishtest/tests/r00387.vtc
===================================================================
--- trunk/varnish-cache/bin/varnishtest/tests/r00387.vtc (rev 0)
+++ trunk/varnish-cache/bin/varnishtest/tests/r00387.vtc 2009-01-10 22:27:39 UTC (rev 3500)
@@ -0,0 +1,22 @@
+# $Id$
+
+test "Regression test for #387: too long chunk header"
+
+server s1 {
+ rxreq
+ send "HTTP/1.1 200 Ok\r\n"
+ send "Transfer-encoding: chunked\r\n"
+ send "\r\n"
+ send "004\r\n1234\r\n"
+ send "000000000000000000001\r\n@\r\n"
+ send "00000000\r\n"
+} -start
+
+varnish v1 -vcl+backend {} -start
+
+client c1 {
+ txreq
+ rxresp
+ expect resp.status == 503
+} -run
+
More information about the varnish-commit
mailing list