[master] c7799008f Check for illegal status codes when executing return(synth())
Martin Blix Grydeland
martin at varnish-software.com
Tue May 5 11:39:07 UTC 2020
commit c7799008fe12b3bbd9ee95988700a081867a5859
Author: Martin Blix Grydeland <martin at varnish-software.com>
Date: Fri Apr 24 16:31:45 2020 +0200
Check for illegal status codes when executing return(synth())
Some status codes are illegal and will cause VRT_fail() when executed as
normal set instructions in VCL. But this test is bypassed when status is
set as a side effect of a `return (synth(code))` statement.
This patch applies the same rules as when executing a set-instruction to
the return(synth()) handling.
Fixes second part of: #3301
diff --git a/bin/varnishd/cache/cache_vrt.c b/bin/varnishd/cache/cache_vrt.c
index b89efccf4..1d8bac59d 100644
--- a/bin/varnishd/cache/cache_vrt.c
+++ b/bin/varnishd/cache/cache_vrt.c
@@ -62,8 +62,22 @@ VRT_synth(VRT_CTX, VCL_INT code, VCL_STRING reason)
CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
assert(ctx->req != NULL || ctx->bo != NULL);
- if (code < 100 || code > 65535)
- code = 503;
+ if (code < 0) {
+ VRT_fail(ctx, "return(synth()) status code (%jd) is negative",
+ code);
+ return;
+ }
+ if (code > 65535) {
+ VRT_fail(ctx, "return(synth()) status code (%jd) > 65535",
+ code);
+ return;
+ }
+ if ((code % 1000) < 100) {
+ VRT_fail(ctx,
+ "illegal return(synth()) status code (%jd) (..0##)",
+ code);
+ return;
+ }
if (ctx->req == NULL) {
CHECK_OBJ_NOTNULL(ctx->bo, BUSYOBJ_MAGIC);
More information about the varnish-commit
mailing list