return EINVAL for invalid Set-/Cookie syntax

README.rst

@@ -99,7 +99,8 @@ Possible return strings are:
 * "Value too large for defined data type" or your current locale's
   translation for ``EOVERFLOW``: too many cookies in use (see
   limitations_)
-
+* "Invalid argument" or your current locale's translation for
+  ``EINVAL``: a Cookie or Set-Cookie header had an illegal syntax
 * "new cookies: not even the header name fits"
 * "new cookies dont fit": Cookies don't fit into the workspace of size
   ``HTTP0_WS_SIZE`` (see limitations_)

src/tests/vmod_esicookies_corners.vtc

+varnishtest "vmod_esicookies corner cases"
+
+server s1 {
+        # cookie with empty value from client
+        rxreq
+        expect req.url == "/includer1"
+        expect req.http.Cookie == "fromclient="
+        txresp -body {
+                <html>
+                Before include
+                <esi:include src="/included1"/>
+                After include
+        }
+        rxreq 
+        expect req.url == "/included1"
+        expect req.http.Cookie == "fromclient="
+        txresp -body {
+                Included file
+        }
+
+        # cookie with name but no equals sign or value from client
+        rxreq
+        expect req.url == "/includer2"
+        expect req.http.Cookie == "fromclient"
+        txresp -body {
+                <html>
+                Before include
+                <esi:include src="/included2"/>
+                After include
+        }
+        rxreq 
+        expect req.url == "/included2"
+        expect req.http.Cookie == "fromclient"
+        txresp -body {
+                Included file
+        }
+
+        # empty cookie header from client
+        rxreq
+        expect req.url == "/includer3"
+        expect req.http.Cookie == ""
+        txresp -body {
+                <html>
+                Before include
+                <esi:include src="/included3"/>
+                After include
+        }
+        rxreq 
+        expect req.url == "/included3"
+        expect req.http.Cookie == ""
+        txresp -body {
+                Included file
+        }
+
+        # cookie with equals sign and value but no name from client
+        rxreq
+        expect req.url == "/includer4"
+        expect req.http.Cookie == "=1"
+        txresp -body {
+                <html>
+                Before include
+                <esi:include src="/included4"/>
+                After include
+        }
+        rxreq 
+        expect req.url == "/included4"
+        expect req.http.Cookie == "=1"
+        txresp -body {
+                Included file
+        }
+
+        # cookie with empty value from response
+        rxreq
+        expect req.url == "/includer5"
+        expect req.http.Cookie == "fromclient=1"
+        txresp -hdr "Set-Cookie: fromresponse=" \
+               -body {
+                <html>
+                Before include
+                <esi:include src="/included5"/>
+                After include
+        }
+        rxreq 
+        expect req.url == "/included5"
+        expect req.http.Cookie == "fromclient=1"
+        txresp -body {
+                Included file
+        }
+
+        # Set-Cookie response with name but no equals sign or value
+        rxreq
+        expect req.url == "/includer6"
+        expect req.http.Cookie == "fromclient=1"
+        txresp -hdr "Set-Cookie: fromresponse" \
+               -body {
+                <html>
+                Before include
+                <esi:include src="/included6"/>
+                After include
+        }
+        rxreq 
+        expect req.url == "/included6"
+        expect req.http.Cookie == "fromclient=1"
+        txresp -body {
+                Included file
+        }
+
+        # empty Set-Cookie response
+        rxreq
+        expect req.url == "/includer7"
+        expect req.http.Cookie == "fromclient=1"
+        txresp -hdr "Set-Cookie:" \
+               -body {
+                <html>
+                Before include
+                <esi:include src="/included7"/>
+                After include
+        }
+        rxreq 
+        expect req.url == "/included7"
+        expect req.http.Cookie == "fromclient=1"
+        txresp -body {
+                Included file
+        }
+
+        # Set-Cookie response with equals sign and value but no name
+        rxreq
+        expect req.url == "/includer8"
+        expect req.http.Cookie == "fromclient=1"
+        txresp -hdr "Set-Cookie: =1" \
+               -body {
+                <html>
+                Before include
+                <esi:include src="/included8"/>
+                After include
+        }
+        rxreq 
+        expect req.url == "/included8"
+        expect req.http.Cookie == "fromclient=1"
+        txresp -body {
+                Included file
+        }
+} -start
+
+varnish v1 -vcl+backend {
+	import esicookies from "${vmod_topbuild}/src/.libs/libvmod_esicookies.so" ;
+
+	sub vcl_fetch {
+            set req.http.X-Err = esicookies.to_http0_e(beresp.http.Set-Cookie);
+	    set beresp.do_esi = true;
+	}
+
+        sub vcl_deliver {
+            if (req.http.X-Err) {
+               set resp.http.X-Err = req.http.X-Err;
+            }
+        }
+} -start
+
+client c1 {
+        # cookie with empty value from client
+	txreq -url "/includer1"  -hdr "Cookie: fromclient="
+	rxresp
+        expect resp.body == "\n                <html>\n                Before include\n                \n                Included file\n        \n                After include\n        "
+        expect resp.bodylen == 149
+        expect resp.http.X-Err == "Invalid argument"
+
+        # cookie with name but no equals sign or value from client
+	txreq -url "/includer2"  -hdr "Cookie: fromclient"
+	rxresp
+        expect resp.bodylen == 149
+        expect resp.http.X-Err == "Invalid argument"
+
+        # empty cookie header from client
+	txreq -url "/includer3"  -hdr "Cookie:"
+	rxresp
+        expect resp.bodylen == 149
+        expect resp.http.X-Err == "Invalid argument"
+
+        # cookie with equals sign and value but no name from client
+	txreq -url "/includer4"  -hdr "Cookie: =1"
+	rxresp
+        expect resp.bodylen == 149
+        expect resp.http.X-Err == "Invalid argument"
+
+        # Set-Cookie response with empty value
+	txreq -url "/includer5" -hdr "Cookie: fromclient=1"
+	rxresp
+        expect resp.bodylen == 149
+        expect resp.http.Set-Cookie == "fromresponse="
+        expect resp.http.X-Err == "Invalid argument"
+
+        # Set-Cookie response with name but no equals sign or value
+	txreq -url "/includer6" -hdr "Cookie: fromclient=1"
+	rxresp
+        expect resp.bodylen == 149
+        expect resp.http.Set-Cookie == "fromresponse"
+        expect resp.http.X-Err == "Invalid argument"
+
+        # empty Set-Cookie response
+	txreq -url "/includer7" -hdr "Cookie: fromclient=1"
+	rxresp
+        expect resp.bodylen == 149
+        expect resp.http.Set-Cookie == ""
+        expect resp.http.X-Err == "Invalid argument"
+
+        # Set-Cookie response with equals sign and value but no name
+	txreq -url "/includer8" -hdr "Cookie: fromclient=1"
+	rxresp
+        expect resp.bodylen == 149
+        expect resp.http.Set-Cookie == "=1"
+        expect resp.http.X-Err == "Invalid argument"
+} -run

src/vmod_esicookies.c

@@ -285,6 +285,8 @@ vesico_analyze_cookie_header(struct sess *sp, const txt hdr,
 		while (isspace(*pp))
 			pp--;
 		c->name.e = pp + 1;
+		if (c->name.b >= c->name.e)
+			goto cookie_invalid;
 
 		p++;
 		while (isspace(*p))
@@ -297,7 +299,8 @@ vesico_analyze_cookie_header(struct sess *sp, const txt hdr,
 			while (isspace(*pp))
 				pp--;
 			pp++;
-			assert(pp > c->value.b);
+			if (pp <= c->value.b)
+				goto cookie_invalid;
 			c->value.e = pp;
 			
 			// skip forward to next cookie
@@ -309,7 +312,8 @@ vesico_analyze_cookie_header(struct sess *sp, const txt hdr,
 			while (isspace(*pp))
 				pp--;
 			pp++;
-			assert(pp > c->value.b);
+			if (pp <= c->value.b)
+				goto cookie_invalid;
 			c->value.e = pp;
 
 			p = NULL;
@@ -331,11 +335,10 @@ vesico_analyze_cookie_header(struct sess *sp, const txt hdr,
 		continue;
 
 	  cookie_invalid:
-		DSL(0x40000000, SLT_Debug, sp->fd ? sp->fd : sp->id, "%s vmod_http0: invalid Cookie %s",
-		    sp->fd ? "fd" : "id",
-		    c->name.b);
-
+		WSP(sp, SLT_VCL_error,
+		    "vmod esicookies http0: invalid header '%s'", hdr.b);
 		cs->used--;
+		return EINVAL;
 	}
 	return 0;
 }