reliable varnish crash using pcre

Jason Price japrice at gmail.com
Wed Aug 5 17:01:59 CEST 2015


Geoff: I'm not responsible for the Regex.  As you point out, it's ... ah...
ill-advised is about as polite as I can be.  I've fixed it in my side of
the world.

I discovered it in a varnish3->4 POC I'm doing. When I saw varnish crashes,
I got concerned, found that ticket, then found I was unable to register
with Trac to update the ticket... so I fell back to updating the mailing
list.

-Jason

On Tue, Aug 4, 2015 at 11:26 PM, Geoff Simmons <geoff at uplex.de> wrote:

> -----BEGIN PGP SIGNED MESSAGE-----
> Hash: SHA256
>
> On 8/5/15 3:07 AM, Jason Price wrote:
> >
> > if (req.url ~ "^((?!_product).)*$") {
>
> Are you certain that this regex really does what you want it to do? It
> matches a URL with this sequence:
>
> * start of string, followed by
> * zero or more repetitions of
>   * a point at which "_product" does not match
>   * followed by any character
> * followed by end of string
>
> My poor imagination fails to come up with a real-world use case for that
> .
>
> For your example:
>
> > "/internal/v2/location?geocode=33.33,44.44&apiKey=hithere"
>
> ... the regex matches the 'e' at the end of the string (try it at
> http://regex101.com/).
>
> If I'm reading it right, your regex will match the empty string, or
> the final character of any non-empty string, provided that the final
> character is not preceded by "_product". Again, I suspect that that's
> not what you wanted.
>
> > This ticket discusses the issue:
> > https://www.varnish-cache.org/trac/ticket/1576   It's closed,
> > however the remedies mentioned don't help ("-p
> > thread_pool_stack=64k").  The ticket did mention a request for
> > minimal VCL to replicate.
>
> That ticket is about regexen that send the PCRE matcher into deep
> recursion, and your regex might have also sent PCRE off the rails
> (negative lookahead within a zero-or-more quantifier could conceivably
> do that).
>
> I think you'd be much better off by rewriting your regex, first of all
> because I doubt that it accomplishes functionally what you're trying
> to do. But also because deep recursion in PCRE, or generally a regex
> that is expensive to match, is in my experience the one thing you can
> do in VCL to get Varnish to run slowly. Poorly written regexen in VCL
> can slow down whole web sites, I've seen it happen (if not to say:
> I've done it myself).
>
>
> HTH,
> Geoff
> - --
> UPLEX Systemoptimierung
> Scheffelstraße 32
> 22301 Hamburg
> http://uplex.de/
> Mob: +49-176-63690917
> -----BEGIN PGP SIGNATURE-----
> Version: GnuPG/MacGPG2 v2.0.14 (Darwin)
>
> iQIcBAEBCAAGBQJVwYJ2AAoJEOUwvh9pJNUR8vwQAIXX9dPtb8nocSv/Fcmt7Imo
> YBbryWrCtz+qakwGc1xMdmk2ul/OgSsZCpoViX9DfVyrxUBsShBtSTsq/bEaOccK
> YXBlwj6TlwX1x4uKLfZIT2mc7QOKz9qYEjyy8Aak/+ImaWC6aUs/6y3VhpdLgkuJ
> bm3Cncs8bWbT1C9KWwViaMNZ4kf19/x62PtGUaP1LzdD3Wqh1STSaKmqC7rN7W4g
> KguTX5jPiuMnGv2ZkT+RtfodCyItAw0b82lQ4Yo0XlA1IMQYFLoDiK95SQUlL0Ad
> /GGWwdUSVoXdQkwJiLH1QooFHqtUPHeF4nDQClwQ5E4pNThg6Za10vjrG57wjMGl
> TUT5OmAVY+tGn9i0kxlR0Kkg0T7Z1k3nMxpzt9ehhR6uyj99lRyytwc9TTD3jcp6
> /y2xOcdMVnbWZasznBO1HNF4ix5l4vas4eicsw2vwFSqk8Onsu/KhWKJ8ti2xH3W
> WsLXtAQYP/iQA2Ouvox7J5ynE/2CFABp23D3DurpBAhnCJ6FZMNYZ4hlrNdZ17Si
> Csu0JJwy+kZodNL4Lp8qWBDCfDWAHc+kSfXFpayYlva7NIrgZi6DOx/f/w71AcyR
> UjxYNFibtZisqUxrnofzpSu2jleIoID3bTVIhOyFNTaqRICQN0ONG8Btl7JBCr4r
> 2Mj23zYEcQM6o4CA5JE8
> =X851
> -----END PGP SIGNATURE-----
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://www.varnish-cache.org/lists/pipermail/varnish-misc/attachments/20150805/db83dfb2/attachment.html>


More information about the varnish-misc mailing list