[4.1] 02609b8 Release memory instead of crashing on malformed ESI
PÃ¥l Hermunn Johansen
hermunn at varnish-software.com
Mon Apr 25 16:15:07 CEST 2016
commit 02609b8e4ccbdfc8fe8e6bc7a938107326e215ca
Author: Pål Hermunn Johansen <hermunn at varnish-software.com>
Date: Tue Apr 19 16:59:03 2016 +0200
Release memory instead of crashing on malformed ESI
When an ESI tag contains an unterminated quote or misses its ending
'>', we release the relevant buffers instead of crashing.
Fixes: #1904
diff --git a/bin/varnishd/cache/cache_esi_parse.c b/bin/varnishd/cache/cache_esi_parse.c
index 5a22e77..df9eec1 100644
--- a/bin/varnishd/cache/cache_esi_parse.c
+++ b/bin/varnishd/cache/cache_esi_parse.c
@@ -1080,8 +1080,11 @@ VEP_Finish(struct vep_state *vep)
CHECK_OBJ_NOTNULL(vep, VEP_MAGIC);
- AZ(vep->include_src);
- AZ(vep->attr_vsb);
+ if (vep->include_src)
+ VSB_destroy(&vep->include_src);
+ if (vep->attr_vsb)
+ VSB_destroy(&vep->attr_vsb);
+
if (vep->o_pending)
vep_mark_common(vep, vep->ver_p, vep->last_mark);
if (vep->o_wait > 0) {
More information about the varnish-commit
mailing list