[master] 1a6af67c7 Fail on NULL IPs in VRT
Dridi Boukelmoune
dridi.boukelmoune at gmail.com
Tue May 21 09:45:13 UTC 2019
commit 1a6af67c731cd295899a5598057d63d3b9f93836
Author: Dridi Boukelmoune <dridi.boukelmoune at gmail.com>
Date: Mon Jan 28 13:36:25 2019 +0100
Fail on NULL IPs in VRT
This breaks the API since some functions didn't take a VRT_CTX until now.
Closes #2860
diff --git a/bin/varnishd/cache/cache_backend.c b/bin/varnishd/cache/cache_backend.c
index da1b7f8ed..f1fd423e6 100644
--- a/bin/varnishd/cache/cache_backend.c
+++ b/bin/varnishd/cache/cache_backend.c
@@ -534,10 +534,12 @@ VRT_new_backend_clustered(VRT_CTX, struct vsmw_cluster *vc,
CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
CHECK_OBJ_NOTNULL(vrt, VRT_BACKEND_MAGIC);
- if (vrt->path == NULL)
- assert(vrt->ipv4_suckaddr != NULL ||
- vrt->ipv6_suckaddr != NULL);
- else
+ if (vrt->path == NULL) {
+ if (vrt->ipv4_suckaddr == NULL && vrt->ipv6_suckaddr == NULL) {
+ VRT_fail(ctx, "%s: Illegal IP", __func__);
+ return (NULL);
+ }
+ } else
assert(vrt->ipv4_suckaddr == NULL &&
vrt->ipv6_suckaddr == NULL);
diff --git a/bin/varnishd/cache/cache_vrt.c b/bin/varnishd/cache/cache_vrt.c
index bf1676653..10da99437 100644
--- a/bin/varnishd/cache/cache_vrt.c
+++ b/bin/varnishd/cache/cache_vrt.c
@@ -571,8 +571,10 @@ VRT_IP_string(VRT_CTX, VCL_IP ip)
unsigned len;
CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
- if (ip == NULL)
+ if (ip == NULL) {
+ VRT_fail(ctx, "%s: Illegal IP", __func__);
return (NULL);
+ }
len = WS_ReserveAll(ctx->ws);
if (len == 0) {
WS_Release(ctx->ws, 0);
@@ -836,10 +838,15 @@ VRT_memmove(void *dst, const void *src, unsigned len)
}
VCL_BOOL
-VRT_ipcmp(VCL_IP sua1, VCL_IP sua2)
+VRT_ipcmp(VRT_CTX, VCL_IP sua1, VCL_IP sua2)
{
- if (sua1 == NULL || sua2 == NULL)
- return (1);
+
+ CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
+
+ if (sua1 == NULL || sua2 == NULL) {
+ VRT_fail(ctx, "%s: Illegal IP", __func__);
+ return(1);
+ }
return (VSA_Compare_IP(sua1, sua2));
}
@@ -851,6 +858,9 @@ VRT_blob(VRT_CTX, const char *err, const void *src, size_t len, unsigned type)
{
struct vrt_blob *p;
+ CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
+ CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC);
+
p = (void *)WS_Alloc(ctx->ws, sizeof *p);
if (p == NULL) {
VRT_fail(ctx, "Workspace overflow (%s)", err);
@@ -865,7 +875,16 @@ VRT_blob(VRT_CTX, const char *err, const void *src, size_t len, unsigned type)
}
int
-VRT_VSA_GetPtr(const struct suckaddr *sua, const unsigned char ** dst)
+VRT_VSA_GetPtr(VRT_CTX, const struct suckaddr *sua, const unsigned char ** dst)
{
+
+ CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
+ AN(dst);
+
+ if (sua == NULL) {
+ VRT_fail(ctx, "%s: Illegal IP", __func__);
+ *dst = NULL;
+ return (-1);
+ }
return (VSA_GetPtr(sua, dst));
}
diff --git a/include/vrt.h b/include/vrt.h
index 87319107f..3b010ea28 100644
--- a/include/vrt.h
+++ b/include/vrt.h
@@ -60,6 +60,8 @@
* VRT_vcl_get moved to vcc_interface.h
* VRT_vcl_rel emoved to vcc_interface.h
* VRT_vcl_select emoved to vcc_interface.h
+ * VRT_VSA_GetPtr() changed
+ * VRT_ipcmp() changed
* [cache.h] WS_ReserveAll() added
* [cache.h] WS_Reserve(ws, 0) deprecated
* 9.0 (2019-03-15)
@@ -67,8 +69,8 @@
* HTTP_Copy() removed
* HTTP_Dup() added
* HTTP_Clone() added
- * changed type of VCL_BLOB to newly introduced struct vrt_blob *
- * changed VRT_blob()
+ * VCL_BLOB changed to newly introduced struct vrt_blob *
+ * VRT_blob() changed
* req->req_bodybytes removed
* use: AZ(ObjGetU64(req->wrk, req->body_oc, OA_LEN, &u));
* struct vdi_methods .list callback signature changed
@@ -447,7 +449,7 @@ VCL_VOID VRT_hashdata(VRT_CTX, const char *str, ...);
/* Simple stuff */
int VRT_strcmp(const char *s1, const char *s2);
void VRT_memmove(void *dst, const void *src, unsigned len);
-VCL_BOOL VRT_ipcmp(VCL_IP, VCL_IP);
+VCL_BOOL VRT_ipcmp(VRT_CTX, VCL_IP, VCL_IP);
VCL_BLOB VRT_blob(VRT_CTX, const char *, const void *, size_t, unsigned);
VCL_VOID VRT_Rollback(VRT_CTX, VCL_HTTP);
@@ -513,7 +515,7 @@ VCL_BACKEND VRT_LookupDirector(VRT_CTX, VCL_STRING);
void VRT_DelDirector(VCL_BACKEND *);
/* Suckaddr related */
-int VRT_VSA_GetPtr(VCL_IP sua, const unsigned char ** dst);
+int VRT_VSA_GetPtr(VRT_CTX, VCL_IP sua, const unsigned char ** dst);
typedef int vmod_event_f(VRT_CTX, struct vmod_priv *, enum vcl_event_e);
diff --git a/lib/libvcc/vcc_acl.c b/lib/libvcc/vcc_acl.c
index d038e1a3e..43a5b43a1 100644
--- a/lib/libvcc/vcc_acl.c
+++ b/lib/libvcc/vcc_acl.c
@@ -364,7 +364,7 @@ vcc_acl_emit(struct vcc *tl, const char *name, const char *rname, int anon)
Fh(tl, 0, "\tconst unsigned char *a;\n");
Fh(tl, 0, "\tint fam;\n");
Fh(tl, 0, "\n");
- Fh(tl, 0, "\tfam = VRT_VSA_GetPtr(p, &a);\n");
+ Fh(tl, 0, "\tfam = VRT_VSA_GetPtr(ctx, p, &a);\n");
Fh(tl, 0, "\tif (fam < 0) {\n");
Fh(tl, 0, "\t\tVRT_acl_log(ctx, \"NO_FAM %s\");\n", name);
Fh(tl, 0, "\t\treturn(0);\n");
diff --git a/lib/libvcc/vcc_expr.c b/lib/libvcc/vcc_expr.c
index c74cc4c4b..dae6fe2f2 100644
--- a/lib/libvcc/vcc_expr.c
+++ b/lib/libvcc/vcc_expr.c
@@ -1067,8 +1067,8 @@ static const struct cmps vcc_cmps[] = {
{BOOL, T_EQ, cmp_simple, "((!(\v1)) == (!(\v2)))" },
{BOOL, T_NEQ, cmp_simple, "((!(\v1)) != (!(\v2)))" },
- {IP, T_EQ, cmp_simple, "!VRT_ipcmp(\v1, \v2)" },
- {IP, T_NEQ, cmp_simple, "VRT_ipcmp(\v1, \v2)" },
+ {IP, T_EQ, cmp_simple, "!VRT_ipcmp(ctx, \v1, \v2)" },
+ {IP, T_NEQ, cmp_simple, "VRT_ipcmp(ctx, \v1, \v2)" },
{IP, '~', cmp_acl, "" },
{IP, T_NOMATCH, cmp_acl, "!" },
More information about the varnish-commit
mailing list