[4.1] 8a8604d Correct check when parsing the query string.

[PÃ¥l Hermunn Johansen]

commit 8a8604da337455bb07664ca7050b6d56c471ab88
Author: Federico G. Schwindt <fgsch at lodoss.net>
Date:   Sun Feb 26 19:16:22 2017 +0000

    Correct check when parsing the query string.
    
    Fixes #2233.

diff --git a/bin/varnishtest/tests/r02233.vtc b/bin/varnishtest/tests/r02233.vtc
new file mode 100644
index 0000000..87ab8ad
--- /dev/null
+++ b/bin/varnishtest/tests/r02233.vtc
@@ -0,0 +1,24 @@
+varnishtest "Fail earlier if we cannot fit the query string"
+
+server s1 {
+	rxreq
+	txresp
+} -start
+
+varnish v1 -arg "-p workspace_client=9k" -vcl+backend {
+	import ${vmod_std};
+
+	sub vcl_recv {
+		set req.url = std.querysort(req.url);
+	}
+} -start
+
+client c1 {
+	send "GET /?a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1"
+	send "&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1"
+	send "&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1"
+	send " HTTP/1.1\r\n"
+	send "Host: foo\r\n\r\n"
+	rxresp
+	expect resp.status == 500
+} -run
diff --git a/lib/libvmod_std/vmod_std_querysort.c b/lib/libvmod_std/vmod_std_querysort.c
index 6f6a90b..c54cc5f 100644
--- a/lib/libvmod_std/vmod_std_querysort.c
+++ b/lib/libvmod_std/vmod_std_querysort.c
@@ -94,7 +94,7 @@ vmod_querysort(VRT_CTX, VCL_STRING url)
 	pp[np++] = 1 + cu;
 	for (cq = 1 + cu; *cq != '\0'; cq++) {
 		if (*cq == '&') {
-			if (pp + 3 > pe) {
+			if (pp + np + 3 > pe) {
 				WS_Release(ctx->ws, 0);
 				WS_MarkOverflow(ctx->ws);
 				return (url);