r4052 - trunk/varnish-cache/bin/varnishd

[phk at projects.linpro.no]

Author: phk
Date: 2009-05-09 10:14:55 +0200 (Sat, 09 May 2009)
New Revision: 4052

Modified:
   trunk/varnish-cache/bin/varnishd/cache_http.c
Log:
Be more paranoid about backend responses, a response of:
	HTTP/1.1 1000\n\r\n\r
would panic us trying to find a suitable message for 1000.

Now we 503 the response instead.

Fixes #506



Modified: trunk/varnish-cache/bin/varnishd/cache_http.c
===================================================================
--- trunk/varnish-cache/bin/varnishd/cache_http.c	2009-05-04 20:22:41 UTC (rev 4051)
+++ trunk/varnish-cache/bin/varnishd/cache_http.c	2009-05-09 08:14:55 UTC (rev 4052)
@@ -502,25 +502,35 @@
 http_DissectResponse(struct worker *w, const struct http_conn *htc,
     struct http *hp)
 {
-	int i;
+	int i = 0;
 
 	CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
 	CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
 	hp->logtag = HTTP_Rx;
 
-	i = http_splitline(w, htc->fd, hp, htc,
-	    HTTP_HDR_PROTO, HTTP_HDR_STATUS, HTTP_HDR_RESPONSE);
+	if (http_splitline(w, htc->fd, hp, htc,
+	    HTTP_HDR_PROTO, HTTP_HDR_STATUS, HTTP_HDR_RESPONSE))
+		i = 503;
 
-	if (i != 0 || memcmp(hp->hd[HTTP_HDR_PROTO].b, "HTTP/1.", 7))
+	if (i == 0 && memcmp(hp->hd[HTTP_HDR_PROTO].b, "HTTP/1.", 7))
+		i = 503;
+
+	if (i == 0 && Tlen(hp->hd[HTTP_HDR_STATUS]) != 3)
+		i = 503;
+
+	if (i == 0) {
+		hp->status = strtoul(hp->hd[HTTP_HDR_STATUS].b, NULL, 10);
+		if (hp->status < 100 || hp->status > 999)
+			i = 503;
+	}
+
+	if (i != 0) {
 		WSLR(w, SLT_HttpGarbage, htc->fd, htc->rxbuf);
-	if (i != 0) {
-		if (hp->status == 0)
-			hp->status = i;
+		hp->status = i;
 	} else {
-		hp->status =
-		    strtoul(hp->hd[HTTP_HDR_STATUS].b, NULL /* XXX */, 10);
+		http_ProtoVer(hp);
 	}
-	http_ProtoVer(hp);
+
 	if (hp->hd[HTTP_HDR_RESPONSE].b == NULL ||
 	    !Tlen(hp->hd[HTTP_HDR_RESPONSE])) {
 		/* Backend didn't send a response string, use the standard */