[master] 33736b200 Additional size checking for session attributes
Nils Goroll
nils.goroll at uplex.de
Fri Jan 8 16:54:08 UTC 2021
commit 33736b200b7afb5b5e2a4017f60defdbbd5caf60
Author: Nils Goroll <nils.goroll at uplex.de>
Date: Fri Jan 8 17:21:20 2021 +0100
Additional size checking for session attributes
When we reserve a session attribute, we now check that the reserved
space is of the expected size.
diff --git a/bin/varnishd/cache/cache_acceptor.c b/bin/varnishd/cache/cache_acceptor.c
index d7dedb6c7..beedeaf5c 100644
--- a/bin/varnishd/cache/cache_acceptor.c
+++ b/bin/varnishd/cache/cache_acceptor.c
@@ -315,8 +315,10 @@ vca_mk_tcp(const struct wrk_accept *wa,
struct sess *sp, char *laddr, char *lport, char *raddr, char *rport)
{
struct suckaddr *sa;
+ ssize_t sz;
- AN(SES_Reserve_remote_addr(sp, &sa));
+ AN(SES_Reserve_remote_addr(sp, &sa, &sz));
+ assert(sz == vsa_suckaddr_len);
AN(VSA_Build(sa, &wa->acceptaddr, wa->acceptaddrlen));
sp->sattr[SA_CLIENT_ADDR] = sp->sattr[SA_REMOTE_ADDR];
@@ -325,8 +327,8 @@ vca_mk_tcp(const struct wrk_accept *wa,
AN(SES_Set_String_Attr(sp, SA_CLIENT_PORT, rport));
- AN(SES_Reserve_local_addr(sp, &sa));
- AN(VSA_getsockname(sp->fd, sa, vsa_suckaddr_len));
+ AN(SES_Reserve_local_addr(sp, &sa, &sz));
+ AN(VSA_getsockname(sp->fd, sa, sz));
sp->sattr[SA_SERVER_ADDR] = sp->sattr[SA_LOCAL_ADDR];
VTCP_name(sa, laddr, VTCP_ADDRBUFSIZE, lport, VTCP_PORTBUFSIZE);
}
@@ -336,9 +338,11 @@ vca_mk_uds(struct wrk_accept *wa, struct sess *sp, char *laddr, char *lport,
char *raddr, char *rport)
{
struct suckaddr *sa;
+ ssize_t sz;
(void) wa;
- AN(SES_Reserve_remote_addr(sp, &sa));
+ AN(SES_Reserve_remote_addr(sp, &sa, &sz));
+ assert(sz == vsa_suckaddr_len);
AZ(SES_Set_remote_addr(sp, bogo_ip));
sp->sattr[SA_CLIENT_ADDR] = sp->sattr[SA_REMOTE_ADDR];
sp->sattr[SA_LOCAL_ADDR] = sp->sattr[SA_REMOTE_ADDR];
diff --git a/bin/varnishd/cache/cache_session.c b/bin/varnishd/cache/cache_session.c
index a50e1c295..dbbce45d0 100644
--- a/bin/varnishd/cache/cache_session.c
+++ b/bin/varnishd/cache/cache_session.c
@@ -115,14 +115,17 @@ ses_set_attr(const struct sess *sp, enum sess_attr a, const void *src, int sz)
}
static int
-ses_res_attr(struct sess *sp, enum sess_attr a, void **dst, int sz)
+ses_res_attr(struct sess *sp, enum sess_attr a, void **dst, ssize_t *szp)
{
unsigned o;
+ ssize_t sz;
CHECK_OBJ_NOTNULL(sp, SESS_MAGIC);
assert(a < SA_LAST);
- assert(sz >= 0);
AN(dst);
+ sz = *szp;
+ *szp = 0;
+ assert(sz >= 0);
if (WS_ReserveSize(sp->ws, sz) == 0)
return (0);
o = WS_ReservationOffset(sp->ws);
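Review bot: `sz = *szp;` dereferences the new in/out pointer without an `AN(szp);` next to the existing `AN(dst);`, so the non-NULL requirement holds only because the callers visible in this diff pass a valid pointer. Adding `AN(szp);` before the read would keep the function's argument checks consistent. The parameter also changed from a plain size to requested-size-in / reserved-size-out (zeroed up front and only restored on success), which deserves a short comment above the function, e.g. `/* *szp: in = bytes requested, out = bytes reserved, 0 on failure */`. The function body continues past this hunk.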
@@ -131,6 +134,7 @@ ses_res_attr(struct sess *sp, enum sess_attr a, void **dst, int sz)
return (0);
}
*dst = WS_Reservation(sp->ws);
+ *szp = sz;
sp->sattr[a] = (uint16_t)o;
WS_Release(sp->ws, sz);
return (1);
@@ -152,10 +156,12 @@ ses_res_attr(struct sess *sp, enum sess_attr a, void **dst, int sz)
} \
\
int \
- SES_Reserve_##low(struct sess *sp, typ **dst) \
+ SES_Reserve_##low(struct sess *sp, typ **dst, ssize_t *sz) \
{ \
assert(len > 0); \
- return (ses_res_attr(sp, SA_##UP, (void**)dst, len)); \
+ AN(sz); \
+ *sz = len; \
+ return (ses_res_attr(sp, SA_##UP, (void**)dst, sz)); \
}
#include "tbl/sess_attr.h"
@@ -164,6 +170,7 @@ int
SES_Set_String_Attr(struct sess *sp, enum sess_attr a, const char *src)
{
void *q;
+ ssize_t l, sz;
CHECK_OBJ_NOTNULL(sp, SESS_MAGIC);
AN(src);
@@ -172,8 +179,10 @@ SES_Set_String_Attr(struct sess *sp, enum sess_attr a, const char *src)
if (strcmp(sess_attr[a].type, "char"))
WRONG("wrong sess_attr: not char");
- if (! ses_res_attr(sp, a, &q, strlen(src) + 1))
+ l = sz = strlen(src) + 1;
+ if (! ses_res_attr(sp, a, &q, &sz))
return (0);
+ assert(l == sz);
strcpy(q, src);
return (1);
}
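Review bot: `strcpy(q, src)` still takes its copy length from rescanning `src`, so the new `assert(l == sz)` checks the reservation but does not bound the write itself. Since `l` already holds `strlen(src) + 1` and has just been compared with the reserved size, `memcpy(q, src, l);` would tie the copy directly to the verified length. As written in this commit, ses_res_attr hands back the same size it was given, so the assert mainly guards against later changes to that function. The function starts above this hunk.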
diff --git a/bin/varnishd/cache/cache_varnishd.h b/bin/varnishd/cache/cache_varnishd.h
index e53d28a23..96fb33ff8 100644
--- a/bin/varnishd/cache/cache_varnishd.h
+++ b/bin/varnishd/cache/cache_varnishd.h
@@ -408,7 +408,7 @@ enum htc_status_e HTC_RxStuff(struct http_conn *, htc_complete_f *,
#define SESS_ATTR(UP, low, typ, len) \
int SES_Set_##low(const struct sess *sp, const typ *src); \
- int SES_Reserve_##low(struct sess *sp, typ **dst);
+ int SES_Reserve_##low(struct sess *sp, typ **dst, ssize_t *sz);
#include "tbl/sess_attr.h"
int SES_Set_String_Attr(struct sess *sp, enum sess_attr a, const char *src);
diff --git a/bin/varnishd/http1/cache_http1_fsm.c b/bin/varnishd/http1/cache_http1_fsm.c
index 1d1e7c2e6..6a339f5a4 100644
--- a/bin/varnishd/http1/cache_http1_fsm.c
+++ b/bin/varnishd/http1/cache_http1_fsm.c
@@ -107,6 +107,7 @@ http1_new_session(struct worker *wrk, void *arg)
struct sess *sp;
struct req *req;
uintptr_t *u;
+ ssize_t sz;
CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
CAST_OBJ_NOTNULL(req, arg, REQ_MAGIC);
@@ -114,7 +115,7 @@ http1_new_session(struct worker *wrk, void *arg)
CHECK_OBJ_NOTNULL(sp, SESS_MAGIC);
HTC_RxInit(req->htc, req->ws);
- if (!SES_Reserve_proto_priv(sp, &u)) {
+ if (!SES_Reserve_proto_priv(sp, &u, &sz)) {
/* Out of session workspace. Free the req, close the sess,
* and do not set a new task func, which will exit the
* worker thread. */
@@ -123,6 +124,7 @@ http1_new_session(struct worker *wrk, void *arg)
SES_Delete(sp, SC_RX_JUNK, NAN);
return;
}
+ assert(sz == sizeof u);
http1_setstate(sp, H1NEWREQ);
wrk->task->func = http1_req;
wrk->task->priv = req;
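Review bot: `assert(sz == sizeof u);` compares against the size of the pointer variable, because `u` is declared `uintptr_t *u;` in the earlier hunk, whereas the reserved slot holds the pointed-to `uintptr_t`. The two sizes coincide on common platforms, but the expression that states the intent is `assert(sz == sizeof *u);`. The same pattern appears in vpx_proto2 as `assert(sz == sizeof up);`, where `up` appears to be a `uintptr_t *` as well, judging by `*up = (uintptr_t)tlv`; that would become `assert(sz == sizeof *up);`. Both comparisons also mix `ssize_t` with `size_t`, which may trigger sign-compare warnings depending on build flags.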
diff --git a/bin/varnishd/proxy/cache_proxy_proto.c b/bin/varnishd/proxy/cache_proxy_proto.c
index 7d6cffe00..29e806826 100644
--- a/bin/varnishd/proxy/cache_proxy_proto.c
+++ b/bin/varnishd/proxy/cache_proxy_proto.c
@@ -75,6 +75,7 @@ vpx_proto1(const struct worker *wrk, const struct req *req)
int i;
char *p, *q;
struct suckaddr *sa;
+ ssize_t sz;
int pfam = -1;
CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
@@ -121,8 +122,9 @@ vpx_proto1(const struct worker *wrk, const struct req *req)
return (-1);
}
- if (! SES_Reserve_client_addr(req->sp, &sa))
+ if (! SES_Reserve_client_addr(req->sp, &sa, &sz))
return (vpx_ws_err(req));
+ assert (sz == vsa_suckaddr_len);
if (VSS_ResolveOne(sa, fld[1], fld[3],
pfam, SOCK_STREAM, AI_NUMERICHOST | AI_NUMERICSERV) == NULL) {
@@ -135,8 +137,9 @@ vpx_proto1(const struct worker *wrk, const struct req *req)
if (! SES_Set_String_Attr(req->sp, SA_CLIENT_PORT, fld[3]))
return (vpx_ws_err(req));
- if (! SES_Reserve_server_addr(req->sp, &sa))
+ if (! SES_Reserve_server_addr(req->sp, &sa, &sz))
return (vpx_ws_err(req));
+ assert (sz == vsa_suckaddr_len);
if (VSS_ResolveOne(sa, fld[2], fld[4],
pfam, SOCK_STREAM, AI_NUMERICHOST | AI_NUMERICSERV) == NULL) {
@@ -329,6 +332,7 @@ vpx_proto2(const struct worker *wrk, struct req *req)
char *d, *tlv_start;
sa_family_t pfam = 0xff;
struct suckaddr *sa = NULL;
+ ssize_t sz;
char ha[VTCP_ADDRBUFSIZE];
char pa[VTCP_PORTBUFSIZE];
char hb[VTCP_ADDRBUFSIZE];
@@ -414,8 +418,9 @@ vpx_proto2(const struct worker *wrk, struct req *req)
pp = ap + 2 * alen;
/* src/client */
- if (! SES_Reserve_client_addr(req->sp, &sa))
+ if (! SES_Reserve_client_addr(req->sp, &sa, &sz))
return (vpx_ws_err(req));
+ assert(sz == vsa_suckaddr_len);
AN(VSA_BuildFAP(sa, pfam, ap, alen, pp, plen));
VTCP_name(sa, hb, sizeof hb, pb, sizeof pb);
@@ -423,8 +428,9 @@ vpx_proto2(const struct worker *wrk, struct req *req)
pp += plen;
/* dst/server */
- if (! SES_Reserve_server_addr(req->sp, &sa))
+ if (! SES_Reserve_server_addr(req->sp, &sa, &sz))
return (vpx_ws_err(req));
+ assert(sz == vsa_suckaddr_len);
AN(VSA_BuildFAP(sa, pfam, ap, alen, pp, plen));
VTCP_name(sa, ha, sizeof ha, pa, sizeof pa);
@@ -467,8 +473,9 @@ vpx_proto2(const struct worker *wrk, struct req *req)
INIT_OBJ(tlv, VPX_TLV_MAGIC);
tlv->len = tlv_len;
memcpy(tlv->tlv, tlv_start, tlv_len);
- if (! SES_Reserve_proxy_tlv(req->sp, &up))
+ if (! SES_Reserve_proxy_tlv(req->sp, &up, &sz))
return (vpx_ws_err(req));
+ assert(sz == sizeof up);
*up = (uintptr_t)tlv;
return (0);
}