[master] 1a6af67c7 Fail on NULL IPs in VRT

Dridi Boukelmoune dridi.boukelmoune at gmail.com
Tue May 21 09:45:13 UTC 2019 

commit 1a6af67c731cd295899a5598057d63d3b9f93836
Author: Dridi Boukelmoune <dridi.boukelmoune at gmail.com>
Date:   Mon Jan 28 13:36:25 2019 +0100

    Fail on NULL IPs in VRT
    
    This breaks the API since some functions didn't take a VRT_CTX until now.
    
    Closes #2860

diff --git a/bin/varnishd/cache/cache_backend.c b/bin/varnishd/cache/cache_backend.c
index da1b7f8ed..f1fd423e6 100644
--- a/bin/varnishd/cache/cache_backend.c
+++ b/bin/varnishd/cache/cache_backend.c
@@ -534,10 +534,12 @@ VRT_new_backend_clustered(VRT_CTX, struct vsmw_cluster *vc,
 
 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
 	CHECK_OBJ_NOTNULL(vrt, VRT_BACKEND_MAGIC);
-	if (vrt->path == NULL)
-		assert(vrt->ipv4_suckaddr != NULL ||
-		    vrt->ipv6_suckaddr != NULL);
-	else
+	if (vrt->path == NULL) {
+		if (vrt->ipv4_suckaddr == NULL && vrt->ipv6_suckaddr == NULL) {
+			VRT_fail(ctx, "%s: Illegal IP", __func__);
+			return (NULL);
+		}
+	} else
 		assert(vrt->ipv4_suckaddr == NULL &&
 		    vrt->ipv6_suckaddr == NULL);
 
diff --git a/bin/varnishd/cache/cache_vrt.c b/bin/varnishd/cache/cache_vrt.c
index bf1676653..10da99437 100644
--- a/bin/varnishd/cache/cache_vrt.c
+++ b/bin/varnishd/cache/cache_vrt.c
@@ -571,8 +571,10 @@ VRT_IP_string(VRT_CTX, VCL_IP ip)
 	unsigned len;
 
 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
-	if (ip == NULL)
+	if (ip == NULL) {
+		VRT_fail(ctx, "%s: Illegal IP", __func__);
 		return (NULL);
+	}
 	len = WS_ReserveAll(ctx->ws);
 	if (len == 0) {
 		WS_Release(ctx->ws, 0);
@@ -836,10 +838,15 @@ VRT_memmove(void *dst, const void *src, unsigned len)
 }
 
 VCL_BOOL
-VRT_ipcmp(VCL_IP sua1, VCL_IP sua2)
+VRT_ipcmp(VRT_CTX, VCL_IP sua1, VCL_IP sua2)
 {
-	if (sua1 == NULL || sua2 == NULL)
-		return (1);
+
+	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
+
+	if (sua1 == NULL || sua2 == NULL) {
+		VRT_fail(ctx, "%s: Illegal IP", __func__);
+		return(1);
+	}
 	return (VSA_Compare_IP(sua1, sua2));
 }
 
@@ -851,6 +858,9 @@ VRT_blob(VRT_CTX, const char *err, const void *src, size_t len, unsigned type)
 {
 	struct vrt_blob *p;
 
+	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
+	CHECK_OBJ_NOTNULL(ctx->ws, WS_MAGIC);
+
 	p = (void *)WS_Alloc(ctx->ws, sizeof *p);
 	if (p == NULL) {
 		VRT_fail(ctx, "Workspace overflow (%s)", err);
@@ -865,7 +875,16 @@ VRT_blob(VRT_CTX, const char *err, const void *src, size_t len, unsigned type)
 }
 
 int
-VRT_VSA_GetPtr(const struct suckaddr *sua, const unsigned char ** dst)
+VRT_VSA_GetPtr(VRT_CTX, const struct suckaddr *sua, const unsigned char ** dst)
 {
+
+	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
+	AN(dst);
+
+	if (sua == NULL) {
+		VRT_fail(ctx, "%s: Illegal IP", __func__);
+		*dst = NULL;
+		return (-1);
+	}
 	return (VSA_GetPtr(sua, dst));
 }
diff --git a/include/vrt.h b/include/vrt.h
index 87319107f..3b010ea28 100644
--- a/include/vrt.h
+++ b/include/vrt.h
@@ -60,6 +60,8 @@
  *	VRT_vcl_get moved to vcc_interface.h
  *	VRT_vcl_rel emoved to vcc_interface.h
  *	VRT_vcl_select emoved to vcc_interface.h
+ *	VRT_VSA_GetPtr() changed
+ *	VRT_ipcmp() changed
  *	[cache.h] WS_ReserveAll() added
  *	[cache.h] WS_Reserve(ws, 0) deprecated
  * 9.0 (2019-03-15)
@@ -67,8 +69,8 @@
  *	HTTP_Copy() removed
  *	HTTP_Dup() added
  *	HTTP_Clone() added
- *	changed type of VCL_BLOB to newly introduced struct vrt_blob *
- *	changed VRT_blob()
+ *	VCL_BLOB changed to newly introduced struct vrt_blob *
+ *	VRT_blob() changed
  *	req->req_bodybytes removed
  *	    use: AZ(ObjGetU64(req->wrk, req->body_oc, OA_LEN, &u));
  *	struct vdi_methods .list callback signature changed
@@ -447,7 +449,7 @@ VCL_VOID VRT_hashdata(VRT_CTX, const char *str, ...);
 /* Simple stuff */
 int VRT_strcmp(const char *s1, const char *s2);
 void VRT_memmove(void *dst, const void *src, unsigned len);
-VCL_BOOL VRT_ipcmp(VCL_IP, VCL_IP);
+VCL_BOOL VRT_ipcmp(VRT_CTX, VCL_IP, VCL_IP);
 VCL_BLOB VRT_blob(VRT_CTX, const char *, const void *, size_t, unsigned);
 
 VCL_VOID VRT_Rollback(VRT_CTX, VCL_HTTP);
@@ -513,7 +515,7 @@ VCL_BACKEND VRT_LookupDirector(VRT_CTX, VCL_STRING);
 void VRT_DelDirector(VCL_BACKEND *);
 
 /* Suckaddr related */
-int VRT_VSA_GetPtr(VCL_IP sua, const unsigned char ** dst);
+int VRT_VSA_GetPtr(VRT_CTX, VCL_IP sua, const unsigned char ** dst);
 
 typedef int vmod_event_f(VRT_CTX, struct vmod_priv *, enum vcl_event_e);
 
diff --git a/lib/libvcc/vcc_acl.c b/lib/libvcc/vcc_acl.c
index d038e1a3e..43a5b43a1 100644
--- a/lib/libvcc/vcc_acl.c
+++ b/lib/libvcc/vcc_acl.c
@@ -364,7 +364,7 @@ vcc_acl_emit(struct vcc *tl, const char *name, const char *rname, int anon)
 	Fh(tl, 0, "\tconst unsigned char *a;\n");
 	Fh(tl, 0, "\tint fam;\n");
 	Fh(tl, 0, "\n");
-	Fh(tl, 0, "\tfam = VRT_VSA_GetPtr(p, &a);\n");
+	Fh(tl, 0, "\tfam = VRT_VSA_GetPtr(ctx, p, &a);\n");
 	Fh(tl, 0, "\tif (fam < 0) {\n");
 	Fh(tl, 0, "\t\tVRT_acl_log(ctx, \"NO_FAM %s\");\n", name);
 	Fh(tl, 0, "\t\treturn(0);\n");
diff --git a/lib/libvcc/vcc_expr.c b/lib/libvcc/vcc_expr.c
index c74cc4c4b..dae6fe2f2 100644
--- a/lib/libvcc/vcc_expr.c
+++ b/lib/libvcc/vcc_expr.c
@@ -1067,8 +1067,8 @@ static const struct cmps vcc_cmps[] = {
 
 	{BOOL,		T_EQ,		cmp_simple, "((!(\v1)) == (!(\v2)))" },
 	{BOOL,		T_NEQ,		cmp_simple, "((!(\v1)) != (!(\v2)))" },
-	{IP,		T_EQ,		cmp_simple, "!VRT_ipcmp(\v1, \v2)" },
-	{IP,		T_NEQ,		cmp_simple, "VRT_ipcmp(\v1, \v2)" },
+	{IP,		T_EQ,		cmp_simple, "!VRT_ipcmp(ctx, \v1, \v2)" },
+	{IP,		T_NEQ,		cmp_simple, "VRT_ipcmp(ctx, \v1, \v2)" },
 
 	{IP,		'~',		cmp_acl, "" },
 	{IP,		T_NOMATCH,	cmp_acl, "!" },

More information about the varnish-commit mailing list