[master] 7de2ff8 Change assert to proper error message and test it.

Poul-Henning Kamp phk at FreeBSD.org
Wed Jan 25 10:46:05 CET 2017


commit 7de2ff8e4225bb4776e7ffd8cd4f36d0e85b4d8c
Author: Poul-Henning Kamp <phk at FreeBSD.org>
Date:   Wed Jan 25 09:44:17 2017 +0000

    Change assert to proper error message and test it.
    
    Fixes #2197

diff --git a/bin/varnishd/cache/cache_esi_parse.c b/bin/varnishd/cache/cache_esi_parse.c
index 7f17cc3..38ec348 100644
--- a/bin/varnishd/cache/cache_esi_parse.c
+++ b/bin/varnishd/cache/cache_esi_parse.c
@@ -479,7 +479,14 @@ vep_do_include(struct vep_state *vep, enum dowhat what)
 	if (l > 7 && !memcmp(p, "http://", 7)) {
 		h = p + 7;
 		p = strchr(h, '/');
-		AN(p);
+		if (p == NULL) {
+			vep_error(vep,
+			    "ESI 1.0 <esi:include> invalid src= URL");
+			vep->state = VEP_TAGERROR;
+			AZ(vep->attr_vsb);
+			VSB_destroy(&vep->include_src);
+			return;
+		}
 		Debug("HOST <%.*s> PATH <%s>\n", (int)(p-h),h, p);
 		VSB_printf(vep->vsb, "%c", VEC_INCL);
 		VSB_printf(vep->vsb, "Host: %.*s%c", (int)(p-h), h, 0);
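Review bot: The added `p == NULL` check still accepts a src with an empty host: for `http:///path` strchr() returns `h` itself, so `(int)(p-h)` is 0 and the `Host: %.*s%c` record is written with no host name. Folding that case into the same invalid-URL error, `if (p == NULL || p == h) {`, would keep an empty Host value out of the include record; the identical check in the `https://` branch of the second hunk needs the same condition. The host bytes come from the parsed response body and are copied as-is, and whether anything later validates them is not visible in this hunk. The seven-line error block is now duplicated verbatim in both branches, so a small static helper would keep the two copies from drifting apart. vep_do_include's body starts and ends outside the hunk.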
@@ -496,7 +503,14 @@ vep_do_include(struct vep_state *vep, enum dowhat what)
 		    "ESI 1.0 <esi:include> https:// treated as http://");
 		h = p + 8;
 		p = strchr(h, '/');
-		AN(p);
+		if (p == NULL) {
+			vep_error(vep,
+			    "ESI 1.0 <esi:include> invalid src= URL");
+			vep->state = VEP_TAGERROR;
+			AZ(vep->attr_vsb);
+			VSB_destroy(&vep->include_src);
+			return;
+		}
 		VSB_printf(vep->vsb, "%c", VEC_INCL);
 		VSB_printf(vep->vsb, "Host: %.*s%c", (int)(p-h), h, 0);
 	} else if (*p == '/') {
diff --git a/bin/varnishtest/tests/e00006.vtc b/bin/varnishtest/tests/e00006.vtc
index 759a0f4..6c9b5fd 100644
--- a/bin/varnishtest/tests/e00006.vtc
+++ b/bin/varnishtest/tests/e00006.vtc
@@ -43,3 +43,49 @@ client c1 {
 
 client c1 -run
 varnish v1 -expect esi_errors == 0
+
+# Now try with invalid URLs
+
+server s1 {
+	rxreq
+	expect req.url == /http
+	txresp -body {<esi:include src="http://foobar" />1234}
+	rxreq
+	expect req.url == /https
+	txresp -body {<esi:include src="https://foobar" />123456}
+} -start
+
+varnish v1 -vcl+backend {
+	sub vcl_recv {
+		set req.backend_hint = s2;
+		set req.backend_hint = s1;
+	}
+	sub vcl_backend_response {
+		set beresp.do_esi = true;
+	}
+}
+
+varnish v1 -cliok "param.set feature +esi_ignore_https"
+
+logexpect l1 -v v1 -g raw {
+	expect * * ESI_xmlerror "ERR at 35 ESI 1.0 <esi:include> invalid src= URL"
+	expect * * ESI_xmlerror "WARN at 36 ESI 1.0 <esi:include> https:// treated as http://"
+	expect * * ESI_xmlerror "ERR at 36 ESI 1.0 <esi:include> invalid src= URL"
+} -start
+
+client c1 {
+	txreq -url /http
+	rxresp
+	expect resp.status == 200
+	expect resp.bodylen == 4
+	txreq -url /https
+	rxresp
+	expect resp.status == 200
+	expect resp.bodylen == 6
+}
+
+client c1 -run
+
+logexpect l1 -wait
+
+varnish v1 -expect esi_errors == 2
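Review bot: The back-to-back `set req.backend_hint = s2;` / `set req.backend_hint = s1;` in vcl_recv reads like a mistake, since the first assignment is overwritten immediately. Presumably it only keeps s2 (declared outside this hunk) referenced, and a comment such as `# s2 is referenced only so the VCL compiles; s1 serves these requests` would say so once that is confirmed. A one-line comment above the client block noting that `resp.bodylen == 4` and `== 6` match the literal `1234` / `123456` that follow the rejected include tag would make the expectations self-explanatory.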


