[master] 85a42d7d7 test and document VRT_ValidHdr()
Nils Goroll
nils.goroll at uplex.de
Wed Oct 14 13:00:08 UTC 2020
commit 85a42d7d740c42eed677a3cbd2796eec3dd5d135
Author: Nils Goroll <nils.goroll at uplex.de>
Date: Wed Oct 14 13:30:40 2020 +0200
test and document VRT_ValidHdr()
diff --git a/bin/varnishtest/tests/b00040.vtc b/bin/varnishtest/tests/b00040.vtc
index 5e396b386..902bcc8ca 100644
--- a/bin/varnishtest/tests/b00040.vtc
+++ b/bin/varnishtest/tests/b00040.vtc
@@ -10,12 +10,21 @@ server s1 {
} -start
varnish v1 -vcl+backend {
+ import debug;
+
sub vcl_recv {
if (req.url == "/9") {
set req.http.foo = {"
"};
}
}
+ sub vcl_deliver {
+ if (req.url == "/9") {
+ set resp.http.valid1 = debug.validhdr({"
+ "});
+ set resp.http.valid2 = debug.validhdr("a");
+ }
+ }
} -start
logexpect l1 -v v1 -g raw {
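Review bot: The new `vcl_deliver` block checks `debug.validhdr()` with only two inputs, one long string containing a line break and the single-strand literal `"a"`, so the check that `doc/changes.rst` recommends for untrusted input is pinned by one rejected and one accepted case. The argument type is `STRANDS`, but no call passes a concatenation, so the multi-strand path is not covered. The empty string is not covered either, and other control characters are untested. I would add cases such as `set resp.http.valid3 = debug.validhdr("a" + req.url);` with matching `expect` lines in the `client c1` hunk, choosing expected values from the documented behaviour of `VRT_ValidHdr()`.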
@@ -105,4 +114,6 @@ client c1 {
txreq -url /9
rxresp
expect resp.status == 200
+ expect resp.http.valid1 == false
+ expect resp.http.valid2 == true
} -run
diff --git a/doc/changes.rst b/doc/changes.rst
index a80914c52..4b7c61886 100644
--- a/doc/changes.rst
+++ b/doc/changes.rst
@@ -37,6 +37,11 @@ Varnish Cache Next (2021-03-15)
set headers are now validated to contain only characters allowed by
RFC7230. A (runtime) VCL failure is triggered if not.
+* ``VRT_ValidHdr()`` has been added for vmods to conduct the same
+ check as the ``validate_headers`` feature, for example when headers
+ are set by vmods using the ``cache_http.c`` Functions like
+ ``http_ForceHeader()`` from untrusted input.
+
* The shard director now supports reconfiguration (adding/removing
backends) of several instances without any special ordering
requirement.
diff --git a/include/vrt.h b/include/vrt.h
index 7e31480a4..f9894ed73 100644
--- a/include/vrt.h
+++ b/include/vrt.h
@@ -52,8 +52,9 @@
* Whenever something is deleted or changed in a way which is not
* binary/load-time compatible, increment MAJOR version
*
- * 13.0 (2020-03-15)
+ * 13.0 (2021-03-15)
* Calling convention for VDP implementation changed
+ * Added VRT_ValidHdr()
* 12.0 (2020-09-15)
* Added VRT_DirectorResolve()
* Added VCL_STRING VRT_BLOB_string(VRT_CTX, VCL_BLOB)
diff --git a/lib/libvmod_debug/vmod_debug.c b/lib/libvmod_debug/vmod_debug.c
index 3f7e57b1a..65ce4bed5 100644
--- a/lib/libvmod_debug/vmod_debug.c
+++ b/lib/libvmod_debug/vmod_debug.c
@@ -1208,3 +1208,10 @@ xyzzy_priv_task_with_option(VRT_CTX, struct VARGS(priv_task_with_option) *args)
args->priv->priv = WS_Copy(ctx->ws, args->opt, -1);
return (args->priv->priv);
}
+
+VCL_BOOL v_matchproto_(td_xyzzy_validhdr)
+xyzzy_validhdr(VRT_CTX, VCL_STRANDS s)
+{
+ CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
+ return (VRT_ValidHdr(ctx, s));
+}
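Review bot: `xyzzy_validhdr()` has no comment saying it exists only to expose `VRT_ValidHdr()` to VCL for the test suite; a one-line header such as `/* Test hook: expose VRT_ValidHdr() to VCL, used by b00040.vtc */` would make that clear to anyone copying it as a vmod template. The function checks `ctx` but forwards `s` unchecked. Whether `VRT_ValidHdr()` asserts on its argument is not visible in this diff, so if it does not, add `AN(s);` before the call to match the `ctx` check.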
diff --git a/lib/libvmod_debug/vmod_debug.vcc b/lib/libvmod_debug/vmod_debug.vcc
index f565b456c..4eee74547 100644
--- a/lib/libvmod_debug/vmod_debug.vcc
+++ b/lib/libvmod_debug/vmod_debug.vcc
@@ -312,3 +312,7 @@ Quote an input string to be usable for an exact match in a regular expression.
$Function STRING priv_task_with_option(PRIV_TASK priv, [STRING opt])
A function mixing a named PRIV_TASK with optional parameters.
+
+$Function BOOL validhdr(STRANDS)
+
+Test if the argument is a valid header according to RFC7230 section 3.2.
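Review bot: The description "valid header according to RFC7230 section 3.2" promises more than the test in this commit shows, because `debug.validhdr("a")` is expected to return true although `"a"` has no field name or colon. The `doc/changes.rst` entry describes the check as "contain only characters allowed by RFC7230", which suggests a character-level check on the supplied string; the implementation is not in this diff, so that is an inference. If so, I would reword this to `Test if the argument contains only characters allowed in a header by RFC7230 section 3.2.` so that vmod authors do not mistake it for full header-syntax validation of untrusted input.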