[master] f8b9667f2 Handle out of session workspace in http1_new_session()
Martin Blix Grydeland
martin at varnish-software.com
Tue Feb 4 10:01:07 UTC 2020
commit f8b9667f23c9fd90c5e2260409f82f5f92f4b007
Author: Martin Blix Grydeland <martin at varnish-software.com>
Date: Thu Dec 12 13:12:48 2019 +0100
Handle out of session workspace in http1_new_session()
If proxy protocol is in use, it is possible to fill the session workspace
exactly before entering http1_new_session(), which will cause it to assert
when calling SES_Reserve_proto_priv().
With this patch, we close the session gracefully instead.
diff --git a/bin/varnishd/http1/cache_http1_fsm.c b/bin/varnishd/http1/cache_http1_fsm.c
index 4668c5f8c..81ab2e3f6 100644
--- a/bin/varnishd/http1/cache_http1_fsm.c
+++ b/bin/varnishd/http1/cache_http1_fsm.c
@@ -114,7 +114,15 @@ http1_new_session(struct worker *wrk, void *arg)
CHECK_OBJ_NOTNULL(sp, SESS_MAGIC);
HTC_RxInit(req->htc, req->ws);
- XXXAN(SES_Reserve_proto_priv(sp, &u));
+ if (!SES_Reserve_proto_priv(sp, &u)) {
+ /* Out of session workspace. Free the req, close the sess,
+ * and do not set a new task func, which will exit the
+ * worker thread. */
+ VSL(SLT_Error, req->sp->vxid, "insufficient workspace");
+ Req_Release(req);
+ SES_Delete(sp, SC_RX_JUNK, NAN);
+ return;
+ }
http1_setstate(sp, H1NEWREQ);
wrk->task.func = http1_req;
wrk->task.priv = req;
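Review bot: The new failure branch closes the session with `SC_RX_JUNK` and logs only "insufficient workspace", so in the logs and close-reason counters a workspace exhaustion looks the same as a client that sent malformed bytes. The commit message says this path is reached when a PROXY header fills the session workspace, so an operator triaging it would want the resource reason and the workspace named, for example `SES_Delete(sp, SC_OVERLOAD, NAN);` and `VSL(SLT_Error, sp->vxid, "insufficient session workspace (proto_priv)");`. `sp` is presumably the same object as `req->sp`, but its assignment and the start of http1_new_session() are above the hunk, so confirm that before changing the vxid expression.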
diff --git a/bin/varnishtest/tests/f00005.vtc b/bin/varnishtest/tests/f00005.vtc
new file mode 100644
index 000000000..866d941dd
--- /dev/null
+++ b/bin/varnishtest/tests/f00005.vtc
@@ -0,0 +1,64 @@
+varnishtest "proxy ws panic"
+
+server s1 {
+ rxreq
+ txresp
+} -start
+
+varnish v1 -proto "PROXY" -vcl+backend {}-start
+
+# Too large proxy payload using TLV
+client c1 {
+ sendhex {
+0d 0a 0d 0a 00 0d 0a 51
+55 49 54 0a 21 21 00 93
+aa bb cc dd ee ff 11 22
+33 44 55 66 77 88 99 aa
+bb cc dd ee ff 11 22 33
+44 55 66 77 88 99 aa bb
+88 da 0d 73 02 00 3c 61
+61 61 61 61 61 61 61 61
+61 61 61 61 61 61 61 61
+61 61 61 61 61 61 61 61
+61 61 61 61 61 61 61 61
+61 61 61 61 61 61 61 61
+61 61 61 61 61 61 61 61
+61 61 61 61 61 61 61 61
+61 61 61 20 00 2d 01 01
+00 00 00 21 00 07 54 4c
+53 76 31 2e 32 23 00 1b
+45 43 44 48 45 2d 52 53
+41 2d 41 45 53 32 35 36
+2d 47 43 4d 2d 53 48 41
+33 38 34
+ }
+ expect_close
+} -run
+
+# Reduced size proxy payload to verify Varnish is still running
+client c1 {
+ sendhex {
+0d 0a 0d 0a 00 0d 0a 51
+55 49 54 0a 21 21 00 8b
+aa bb cc dd ee ff 11 22
+33 44 55 66 77 88 99 aa
+bb cc dd ee ff 11 22 33
+44 55 66 77 88 99 aa bb
+88 da 0d 73 02 00 34 61
+61 61 61 61 61 61 61 61
+61 61 61 61 61 61 61 61
+61 61 61 61 61 61 61 61
+61 61 61 61 61 61 61 61
+61 61 61 61 61 61 61 61
+61 61 61 61 61 61 61 61
+61 61 61 20 00 2d 01 01
+00 00 00 21 00 07 54 4c
+53 76 31 2e 32 23 00 1b
+45 43 44 48 45 2d 52 53
+41 2d 41 45 53 32 35 36
+2d 47 43 4d 2d 53 48 41
+33 38 34
+ }
+ txreq
+ rxresp
+} -run
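Review bot: The first client block reaches the new branch only if its PROXY payload fills the session workspace exactly, yet `varnish v1` is started with the default workspace size. With a different default, or on a platform with different structure sizes, `expect_close` could still be satisfied by another close path and the test would pass without exercising the fix. Pin the size the 0x93-byte payload was built for, for example `varnish v1 -arg "-p workspace_session=<size>" -proto "PROXY" ...`. Adding a logexpect on the `insufficient workspace` Error record would make a silent miss fail the test.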