[master] 23ca54d Add an assert preventing buffer overflows
Martin Blix Grydeland
martin at varnish-software.com
Mon Dec 5 13:02:05 CET 2016
commit 23ca54d8727c28b5e93941855b54e6f6fd3dcb8b
Author: Martin Blix Grydeland <martin at varnish-software.com>
Date: Mon Nov 28 11:56:49 2016 +0100
Add an assert preventing buffer overflows
Make sure that the workspace can accomodate the pipelined data before
memmoving it into place.
Add a comment on an open issue in the H2 code path that could trigger
this assert.
diff --git a/bin/varnishd/cache/cache_session.c b/bin/varnishd/cache/cache_session.c
index 9bcb824..e915712 100644
--- a/bin/varnishd/cache/cache_session.c
+++ b/bin/varnishd/cache/cache_session.c
@@ -196,6 +196,7 @@ HTC_RxInit(struct http_conn *htc, struct ws *ws)
if (htc->pipeline_b != NULL) {
l = htc->pipeline_e - htc->pipeline_b;
assert(l > 0);
+ assert(l <= ws->r - htc->rxbuf_b);
memmove(htc->rxbuf_b, htc->pipeline_b, l);
htc->rxbuf_e += l;
htc->pipeline_b = NULL;
diff --git a/bin/varnishd/http2/cache_http2_proto.c b/bin/varnishd/http2/cache_http2_proto.c
index 54b8a2e..ff3278f 100644
--- a/bin/varnishd/http2/cache_http2_proto.c
+++ b/bin/varnishd/http2/cache_http2_proto.c
@@ -661,6 +661,9 @@ h2_new_ou_session(struct worker *wrk, struct h2_sess *h2,
h2->htc->pipeline_e = req->htc->pipeline_e;
req->htc->pipeline_b = NULL;
req->htc->pipeline_e = NULL;
+ /* XXX: This call may assert on buffer overflow if the pipelined
+ data exceeds the available space in the aws workspace. What to
+ do about the overflowing data is an open issue. */
HTC_RxInit(h2->htc, wrk->aws);
/* Start req thread */
More information about the varnish-commit
mailing list