[master] 3eae7f2 Issue 400 code if header lines lack a ':'
Poul-Henning Kamp
phk at FreeBSD.org
Tue Sep 23 09:48:53 CEST 2014
commit 3eae7f22a8e842f47c169cfb1f4fd335b0af65da
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date: Tue Sep 23 07:48:29 2014 +0000
Issue 400 code if header lines lack a ':'
Fixes #1598
diff --git a/bin/varnishd/cache/cache_http1_proto.c b/bin/varnishd/cache/cache_http1_proto.c
index 79288c6..49047d3 100644
--- a/bin/varnishd/cache/cache_http1_proto.c
+++ b/bin/varnishd/cache/cache_http1_proto.c
@@ -282,6 +282,12 @@ http1_dissect_hdrs(struct http *hp, char *p, const struct http_conn *htc)
q--;
*q = '\0';
+ if (strchr(p, ':') == NULL) {
+ VSLb(hp->vsl, SLT_BogoHeader, "Header without ':' %.*s",
+ (int)(q - p > 20 ? 20 : q - p), p);
+ return (400);
+ }
+
if (hp->nhd < hp->shd) {
hp->hdf[hp->nhd] = 0;
hp->hd[hp->nhd].b = p;
diff --git a/bin/varnishtest/tests/r01598.vtc b/bin/varnishtest/tests/r01598.vtc
new file mode 100644
index 0000000..39b3ae8
--- /dev/null
+++ b/bin/varnishtest/tests/r01598.vtc
@@ -0,0 +1,34 @@
+varnishtest "#1598 - Missing ':' in server response headers"
+
+server s1 {
+ rxreq
+ txresp -hdr "ETag: \"tag\"" -hdr "foo"
+ accept
+
+ rxreq
+ txresp
+} -start
+
+varnish v1 -vcl+backend {
+ sub vcl_backend_response {
+ set beresp.ttl = 1s;
+ set beresp.grace = 0s;
+ set beresp.keep = 60s;
+ }
+} -start
+
+varnish v1 -cliok "param.set debug +syncvsl"
+
+client c1 {
+ txreq
+ rxresp
+ expect resp.status == 503
+} -run
+
+delay .1
+
+client c1 {
+ txreq
+ rxresp
+ expect resp.status == 200
+} -run
More information about the varnish-commit
mailing list