[6.0] 3cd55a65e std.ip: Always provide some form of fallback
Dridi Boukelmoune
dridi.boukelmoune at gmail.com
Tue Nov 30 17:44:06 UTC 2021
commit 3cd55a65ec2c58f819d84b61a819a30470796cb3
Author: Dridi Boukelmoune <dridi.boukelmoune at gmail.com>
Date: Mon Nov 29 16:00:20 2021 +0100
std.ip: Always provide some form of fallback
Otherwise valid code can panic on workspace exhaustion:
std.ip(req.http.X-Real-IP, std.ip(req.http.X-Client-IP, client.ip))
If the nested std.ip() call runs out of workspace, it will return a null
ip instead of the fallback, and the outer std.ip() call will panic upon
checking the suckaddr sanity.
Refs #3746
diff --git a/lib/libvmod_std/vmod_std_conversions.c b/lib/libvmod_std/vmod_std_conversions.c
index 0bfa0ad7f..89fe23160 100644
--- a/lib/libvmod_std/vmod_std_conversions.c
+++ b/lib/libvmod_std/vmod_std_conversions.c
@@ -90,7 +90,7 @@ vmod_ip(VRT_CTX, VCL_STRING s, VCL_IP d, VCL_BOOL n, VCL_STRING default_port)
p = WS_Alloc(ctx->ws, vsa_suckaddr_len);
if (p == NULL) {
VRT_fail(ctx, "std.ip: insufficient workspace");
- return (NULL);
+ return (d);
}
if (s != NULL)
More information about the varnish-commit
mailing list