[master] 86fc6706e Make sure resp.reason is on workspace before using it in vcl_synth

Martin Blix Grydeland martin at varnish-software.com
Fri Mar 12 14:07:07 UTC 2021


commit 86fc6706ea0277cd6949ab102f958a17a3d83d93
Author: Reza Naghibi <reza at naghibi.com>
Date:   Mon Mar 8 11:27:16 2021 -0500

    Make sure resp.reason is on workspace before using it in vcl_synth
    
    We can incorrectly reference resp.reason from other sources when
    jumping into vcl_synth. This also covers passing in a reason in
    vcl_backend_error.

diff --git a/bin/varnishd/cache/cache_vrt.c b/bin/varnishd/cache/cache_vrt.c
index 0a729c0e4..a81b6ba41 100644
--- a/bin/varnishd/cache/cache_vrt.c
+++ b/bin/varnishd/cache/cache_vrt.c
@@ -85,6 +85,14 @@ VRT_synth(VRT_CTX, VCL_INT code, VCL_STRING reason)
 		return;
 	}
 
+	if (reason && !WS_Inside(ctx->ws, reason, NULL)) {
+		reason = WS_Copy(ctx->ws, reason, -1);
+		if (!reason) {
+			VRT_fail(ctx, "Workspace overflow");
+			return;
+		}
+	}
+
 	if (ctx->req == NULL) {
 		CHECK_OBJ_NOTNULL(ctx->bo, BUSYOBJ_MAGIC);
 		ctx->bo->err_code = (uint16_t)code;
diff --git a/bin/varnishtest/tests/r03546.vtc b/bin/varnishtest/tests/r03546.vtc
new file mode 100644
index 000000000..20cf8a85b
--- /dev/null
+++ b/bin/varnishtest/tests/r03546.vtc
@@ -0,0 +1,21 @@
+varnishtest "Synth resp.reason race"
+
+varnish v1 -vcl {
+	backend default none;
+
+	sub vcl_backend_error {
+		set beresp.status = 500;
+		set beresp.reason = "VCL";
+	}
+
+	sub vcl_deliver {
+		return (synth(resp.status, resp.reason));
+	}
+} -start
+
+client c1 {
+	txreq
+	rxresp
+	expect resp.status == 500
+	expect resp.reason == "VCL"
+} -run


More information about the varnish-commit mailing list