[master] 6d49b18f1 vcc: Restrict PRIV_TOP arguments to client tasks
Dridi Boukelmoune
dridi.boukelmoune at gmail.com
Mon Jan 25 18:18:07 UTC 2021
commit 6d49b18f1a7ad612b3c9ba6b3a8a5704fe84ea61
Author: Dridi Boukelmoune <dridi.boukelmoune at gmail.com>
Date: Tue Jan 19 06:53:19 2021 +0100
vcc: Restrict PRIV_TOP arguments to client tasks
Refs #3498
diff --git a/bin/varnishtest/tests/v00043.vtc b/bin/varnishtest/tests/v00043.vtc
index 95b85770b..1a3d9e0e7 100644
--- a/bin/varnishtest/tests/v00043.vtc
+++ b/bin/varnishtest/tests/v00043.vtc
@@ -55,6 +55,22 @@ server s1 {
txresp
} -start
+varnish v1 -errvcl "Not available in subroutine 'vcl_backend_fetch'" {
+ import debug;
+ backend be none;
+ sub vcl_backend_fetch {
+ debug.test_priv_top("only works on client side");
+ }
+}
+
+varnish v1 -errvcl "Not available in subroutine 'vcl_init'" {
+ import debug;
+ backend be none;
+ sub vcl_init {
+ debug.test_priv_top("only works on client side");
+ }
+}
+
varnish v1 -cliok "param.set debug +syncvsl" -vcl+backend {
import debug;
@@ -81,22 +97,9 @@ varnish v1 -cliok "param.set debug +syncvsl" -vcl+backend {
set req.http.o2 = o2.test_priv_top("");
}
- # XXX because PRIV_TOP arguments get initialized in the
- # function preamble, the mere presence of a vmod call with a
- # PRIV_TOP argument in a SUB will trigger the failure if that
- # sub is called at all.
- #
- # So to test #3498, we need to fence test_priv_top into its
- # own sub
- sub callingmewill503 {
- debug.test_priv_top("only works on client side");
- }
-
sub vcl_backend_fetch {
if (bereq.url == "/fail") {
- call callingmewill503;
- }
- if (bereq.url == "/failo") {
+ # dynamic priv not checked at compile time
o2.test_priv_top("only works on client side");
}
}
@@ -123,17 +126,8 @@ client c1 {
varnish v1 -expect client_req == 2
-client c1 {
- txreq -url /fail
- rxresp
- expect resp.status == 503
-} -start
-
client c2 {
- txreq -url /failo
+ txreq -url /fail
rxresp
expect resp.status == 503
-} -start
-
-client c1 -wait
-client c2 -wait
+} -run
diff --git a/lib/libvcc/vcc_compile.h b/lib/libvcc/vcc_compile.h
index dd94de055..d4b1ea8db 100644
--- a/lib/libvcc/vcc_compile.h
+++ b/lib/libvcc/vcc_compile.h
@@ -341,7 +341,7 @@ sym_expr_t vcc_Eval_Handle;
sym_expr_t vcc_Eval_SymFunc;
sym_expr_t vcc_Eval_TypeMethod;
void vcc_Eval_Func(struct vcc *, const struct vjsn_val *,
- const char *, const struct symbol *);
+ const char *, struct symbol *);
void VCC_GlobalSymbol(struct symbol *, vcc_type_t fmt, const char *pfx);
struct symbol *VCC_HandleSymbol(struct vcc *, vcc_type_t , const char *);
void VCC_SymName(struct vsb *, const struct symbol *);
diff --git a/lib/libvcc/vcc_expr.c b/lib/libvcc/vcc_expr.c
index e5373b5b4..06d2c7d75 100644
--- a/lib/libvcc/vcc_expr.c
+++ b/lib/libvcc/vcc_expr.c
@@ -351,7 +351,7 @@ vcc_Eval_Var(struct vcc *tl, struct expr **e, struct token *t,
*/
static struct expr *
-vcc_priv_arg(struct vcc *tl, const char *p, const struct symbol *sym)
+vcc_priv_arg(struct vcc *tl, const char *p, struct symbol *sym)
{
char buf[64];
struct inifin *ifp;
@@ -377,6 +377,7 @@ vcc_priv_arg(struct vcc *tl, const char *p, const struct symbol *sym)
marklist = &tl->curproc->priv_tasks;
} else if (!strcmp(p, "PRIV_TOP")) {
f = "top";
+ sym->r_methods &= VCL_MET_TASK_C;
marklist = &tl->curproc->priv_tops;
} else {
WRONG("Wrong PRIV_ type");
@@ -641,7 +642,7 @@ vcc_func(struct vcc *tl, struct expr **e, const void *priv,
void
vcc_Eval_Func(struct vcc *tl, const struct vjsn_val *spec,
- const char *extra, const struct symbol *sym)
+ const char *extra, struct symbol *sym)
{
struct expr *e = NULL;
More information about the varnish-commit
mailing list