[master] b0f98e363 varnishd: Restrict the -i argument to HTTP token syntax
Dridi Boukelmoune
dridi.boukelmoune at gmail.com
Fri Aug 5 09:24:09 UTC 2022
commit b0f98e363ac177b10cefbf7187adc317093192a2
Author: Dridi Boukelmoune <dridi.boukelmoune at gmail.com>
Date: Thu Aug 4 08:55:09 2022 +0200
varnishd: Restrict the -i argument to HTTP token syntax
The reason to blindly trust gethostname(3) is that a system returning a
broken host name should not prevent Varnish from starting when there is
no explicit -i option in the command line.
diff --git a/bin/varnishd/mgt/mgt_main.c b/bin/varnishd/mgt/mgt_main.c
index 6cc52a124..2bc920f65 100644
--- a/bin/varnishd/mgt/mgt_main.c
+++ b/bin/varnishd/mgt/mgt_main.c
@@ -51,6 +51,7 @@
#include "hash/hash_slinger.h"
#include "libvcc.h"
#include "vcli_serve.h"
+#include "vct.h"
#include "vend.h"
#include "vev.h"
#include "vfil.h"
@@ -585,6 +586,7 @@ main(int argc, char * const *argv)
const char *S_arg = NULL;
const char *s_arg = "default,100m";
const char *W_arg = NULL;
+ const char *c;
char *p;
struct cli cli[1];
const char *err;
@@ -816,6 +818,10 @@ main(int argc, char * const *argv)
if (i_arg == NULL || *i_arg == '\0')
i_arg = mgt_HostName();
+ else for (c = i_arg; *c != '\0'; c++) {
+ if (!vct_istchar(*c))
+ ARGV_ERR("Invalid character '%c' for -i\n", *c);
+ }
heritage.identity = i_arg;
mgt_ProcTitle("Mgt");
diff --git a/doc/sphinx/reference/varnishd.rst b/doc/sphinx/reference/varnishd.rst
index b97a6f374..144910516 100644
--- a/doc/sphinx/reference/varnishd.rst
+++ b/doc/sphinx/reference/varnishd.rst
@@ -216,8 +216,14 @@ Operations options
-i identity
Specify the identity of the Varnish server. This can be accessed
- using ``server.identity`` from VCL. If not specified the output of
- gethostname(3) is used.
+ using ``server.identity`` from VCL.
+
+ The server identity is used for the ``received-by`` field of ``Via``
+ headers generated by Varnish. For this reason, it must be a valid
+ token as defined by the HTTP grammar.
+
+ If not specified the output of ``gethostname(3)`` is used, in which
+ case the syntax is assumed to be correct.
-I clifile
More information about the varnish-commit
mailing list