[master] 4537efefd ws: Put canaries all the way to the end of the workspace
Dridi Boukelmoune
dridi.boukelmoune at gmail.com
Mon Aug 31 18:41:11 UTC 2020
commit 4537efefd3eee3778a367503d8da8c674102578b
Author: Dridi Boukelmoune <dridi.boukelmoune at gmail.com>
Date: Thu May 7 18:55:40 2020 +0200
ws: Put canaries all the way to the end of the workspace
It might help catch more buffer overflows, although we still only check
the first byte.
diff --git a/bin/varnishd/cache/cache_ws.c b/bin/varnishd/cache/cache_ws.c
index c8fb32210..4e09b59ae 100644
--- a/bin/varnishd/cache/cache_ws.c
+++ b/bin/varnishd/cache/cache_ws.c
@@ -98,6 +98,7 @@ WS_Assert_Allocated(const struct ws *ws, const void *ptr, ssize_t len)
void
WS_Init(struct ws *ws, const char *id, void *space, unsigned len)
{
+ unsigned l;
DSL(DBG_WORKSPACE, 0,
"WS_Init(%p, \"%s\", %p, %u)", ws, id, space, len);
@@ -105,9 +106,9 @@ WS_Init(struct ws *ws, const char *id, void *space, unsigned len)
INIT_OBJ(ws, WS_MAGIC);
ws->s = space;
assert(PAOK(space));
- len = PRNDDN(len - 1);
- ws->e = ws->s + len;
- *ws->e = WS_REDZONE_END;
+ l = PRNDDN(len - 1);
+ ws->e = ws->s + l;
+ memset(ws->e, WS_REDZONE_END, len - l);
ws->f = ws->s;
assert(id[0] & 0x20); // cheesy islower()
bstrcpy(ws->id, id);
More information about the varnish-commit
mailing list