[master] 1d140b1a0 vca: Prevent conceptual workspace use-after-release
Dridi Boukelmoune
dridi.boukelmoune at gmail.com
Tue Aug 17 06:57:05 UTC 2021
commit 1d140b1a09588c31583fbb6ae7ca6e3f626bb419
Author: Dridi Boukelmoune <dridi.boukelmoune at gmail.com>
Date: Wed Jul 7 18:35:42 2021 +0200

vca: Prevent conceptual workspace use-after-release

Releasing a reservation or rolling back too early is harmless as long as
nothing is allocated on the workspace that could overwrite its contents.
Once you swap the workspace in its current form with a different kind of
allocator it can turn into effective use-after-free, if rolled back or
released state doesn't linger.

diff --git a/bin/varnishd/cache/cache_acceptor.c b/bin/varnishd/cache/cache_acceptor.c
index a57978e6a..33dc99130 100644
--- a/bin/varnishd/cache/cache_acceptor.c
+++ b/bin/varnishd/cache/cache_acceptor.c
@@ -400,8 +400,6 @@ vca_make_session(struct worker *wrk, void *arg)
raddr, rport, wa->acceptlsock->name, laddr, lport,
sp->t_open, sp->fd);
- WS_Release(wrk->aws, 0);
-
vca_pace_good();
wrk->stats->sess_conn++;
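
Review bot: With the WS_Release(wrk->aws, 0) after the log call removed, vca_pace_good(), the sess_conn++ update and everything up to the new call site at the end of the function now run with the reservation on wrk->aws still open. Please confirm that the lines between the two hunks, which are not shown here, contain no return path and no allocation or second reservation on wrk->aws; an early return there would now skip the release altogether.
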
@@ -416,6 +414,7 @@ vca_make_session(struct worker *wrk, void *arg)
req->htc->rfd = &sp->fd;
SES_SetTransport(wrk, sp, req, wa->acceptlsock->transport);
+ WS_Release(wrk->aws, 0);
}
/*--------------------------------------------------------------------
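
Review bot: The added WS_Release(wrk->aws, 0) after SES_SetTransport() carries no comment saying why it has to be the last statement in vca_make_session(), so a later cleanup could move it back up. A one-line comment naming what still points into the reservation at that point would keep the ordering from regressing; the commit message implies something does, but the hunk does not show whether it is wa or the address buffers passed to the log call.
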