r5589 - trunk/varnish-cache/lib/libvarnish

phk at varnish-cache.org
Fri Nov 26 12:42:01 CET 2010


Author: phk
Date: 2010-11-26 12:42:00 +0100 (Fri, 26 Nov 2010)
New Revision: 5589

Modified:
   trunk/varnish-cache/lib/libvarnish/cli_serve.c
Log:
Do not allow here-documents for unauthenticated CLI sessions to prevent
them from becoming an out of memory DoS.



Modified: trunk/varnish-cache/lib/libvarnish/cli_serve.c
===================================================================
--- trunk/varnish-cache/lib/libvarnish/cli_serve.c	2010-11-25 14:46:34 UTC (rev 5588)
+++ trunk/varnish-cache/lib/libvarnish/cli_serve.c	2010-11-26 11:42:00 UTC (rev 5589)
@@ -338,7 +338,7 @@
 		}
 		for (i = 1; av[i] != NULL; i++)
 			continue;
-		if (i < 3 || strcmp(av[i - 2], "<<")) {
+		if (i < 3 || cli->auth == 0 || strcmp(av[i - 2], "<<")) {
 			i = cls_vlu2(priv, av);
 			FreeArgv(av);	
 			free(cli->cmd);
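Review bot: the new `cli->auth == 0` term in the condition silently reroutes an unauthenticated `<<` line into the ordinary `cls_vlu2(priv, av)` path, with "<<" and the terminator token still sitting in `av` as plain arguments, and nothing in this hunk tells the client that here-documents are refused. Two suggestions. First, add a short comment above the `if` saying that here-documents are only accepted after authentication because the body would otherwise be buffered for an untrusted peer; without it the auth test between an argument-count check and a `strcmp` looks accidental. Second, consider splitting the unauthenticated case out so it can return an explicit error, rather than depending on whatever `cls_vlu2` does with the two extra arguments; any body lines the client sends afterwards will arrive as separate command lines, so it is worth confirming that the pre-auth command handling rejects them cheaply. A smaller point: `cli->auth == 0` compares against a bare literal, and if `auth` is a level rather than a flag, a named constant or `!cli->auth` would state the intent more clearly.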



