Commit 46b5261c authored by Geoff Simmons's avatar Geoff Simmons

Bugfix: off-by-one errors in the rewrite methods and functions.

The terminating null byte for the C string result is written at
the index given by std::string.size() for the C++ string. It had
been written at one past that index.

WS_Release() must then ensure that the terminating null byte is
within the allocated portion of workspace.
parent e83ec5e4
...@@ -74,3 +74,42 @@ logexpect l1 -v v1 -d 1 -g vxid -q "VCL_Error" { ...@@ -74,3 +74,42 @@ logexpect l1 -v v1 -d 1 -g vxid -q "VCL_Error" {
expect * = End expect * = End
} -run } -run
# Tests for the off-by-one error discovered in vre2_rewrite().
varnish v1 -vcl {
import ${vmod_re2};
backend b { .host = "${bad_ip}"; }
sub vcl_init {
new set_redir = re2.set();
set_redir.add("^(https?://www\.domain\.com)(/sitemap-news.*)",
"\1/www\2", save=true);
set_redir.add("^(https?://)(www\.domain\.com|stats\.domain\.com|www\.domaincae[0-9]{1,2}\.com)/preisvergleich(/|$)(.*)",
"\1preisvergleich.fs.domain.com/\4", save=true);
set_redir.compile();
}
sub vcl_recv {
return(synth(200));
}
sub vcl_synth {
if (set_redir.match(req.http.X-Varnish-URI)) {
set resp.http.X-Redir
= set_redir.sub(req.http.X-Varnish-URI,
set_redir.string (select=FIRST),
select=FIRST);
}
}
}
client c1 {
txreq -hdr "X-Varnish-URI: https://www.domain.com/sitemap-news-0.xml.gz"
rxresp
expect resp.status == 200
expect resp.http.X-Redir == "https://www.domain.com/www/sitemap-news-0.xml.gz"
txreq -hdr "X-Varnish-URI: https://www.domain.com/preisvergleich/bilder/topkategorien/auto/auto-allereifen2.jpg"
rxresp
expect resp.status == 200
expect resp.http.X-Redir == "https://preisvergleich.fs.domain.com/bilder/topkategorien/auto/auto-allereifen2.jpg"
} -run
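Review bot: The comment on this new test block names the bug but not what the test can actually detect, and the same applies to the parallel block for `re2.regex` in the next hunk. Judging from the removed lines in the vre2_rewrite() hunk, the old code left the byte at index size() unwritten, so these exact-match expectations only fail when that workspace byte happens to be non-zero. I would extend the comment to something like `# Regression test: the result must end exactly at the expected text, with no stray byte before the terminating NUL.` A further case that runs the rewrite with workspace nearly exhausted would cover both the boundary where the terminator lands on the last reserved byte and the "insufficient workspace" path.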
...@@ -141,3 +141,43 @@ logexpect l1 -v v1 -d 1 -g vxid -q "VCL_Error" { ...@@ -141,3 +141,43 @@ logexpect l1 -v v1 -d 1 -g vxid -q "VCL_Error" {
expect * = End expect * = End
} -run } -run
# Tests for the off-by-one error discovered in vre2_rewrite().
varnish v1 -vcl {
import ${vmod_re2};
backend b { .host = "${bad_ip}"; }
sub vcl_init {
new rewrite1
= re2.regex("^(https?://www\.domain\.com)(/sitemap-news.*)");
new rewrite2
= re2.regex("^(https?://)(www\.domain\.com|stats\.domain\.com|www\.domaincae[0-9]{1,2}\.com)/preisvergleich(/|$)(.*)");
}
sub vcl_recv {
return(synth(200));
}
sub vcl_synth {
if (rewrite1.match(req.http.X-Varnish-URI)) {
set resp.http.X-Redir
= rewrite1.sub(req.http.X-Varnish-URI, "\1/www\2");
}
elsif (rewrite2.match(req.http.X-Varnish-URI)) {
set resp.http.X-Redir
= rewrite2.sub(req.http.X-Varnish-URI,
"\1preisvergleich.fs.domain.com/\4");
}
}
}
client c1 {
txreq -hdr "X-Varnish-URI: https://www.domain.com/sitemap-news-0.xml.gz"
rxresp
expect resp.status == 200
expect resp.http.X-Redir == "https://www.domain.com/www/sitemap-news-0.xml.gz"
txreq -hdr "X-Varnish-URI: https://www.domain.com/preisvergleich/bilder/topkategorien/auto/auto-allereifen2.jpg"
rxresp
expect resp.status == 200
expect resp.http.X-Redir == "https://preisvergleich.fs.domain.com/bilder/topkategorien/auto/auto-allereifen2.jpg"
} -run
...@@ -216,7 +216,7 @@ rewritef(VRT_CTX, vre2 * restrict vre2, const rewrite_e mode, VCL_STRING text, ...@@ -216,7 +216,7 @@ rewritef(VRT_CTX, vre2 * restrict vre2, const rewrite_e mode, VCL_STRING text,
WS_Release(ctx->ws, 0); WS_Release(ctx->ws, 0);
return fallback; return fallback;
} }
WS_Release(ctx->ws, len); WS_Release(ctx->ws, len + 1);
return ret; return ret;
} }
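Review bot: The `+ 1` in `WS_Release(ctx->ws, len + 1)` is correct only because vre2_rewrite() now reports the string length without the terminator, and nothing at the call site says so. A short comment above the release would keep the two in step, for example `/* len excludes the terminating NUL that vre2_rewrite() wrote at ret[len]; keep it inside the allocation */`. The reservation and the vre2_rewrite() call are outside this hunk, so I cannot confirm that the size passed as `bytes` equals the reserved amount; that is what guarantees `len + 1` never exceeds the reservation. Any other caller of vre2_rewrite() not shown on this page needs the same adjustment.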
...@@ -210,7 +210,7 @@ vre2_rewrite(vre2 *vre2, const rewrite_e mode, const char * const text, ...@@ -210,7 +210,7 @@ vre2_rewrite(vre2 *vre2, const rewrite_e mode, const char * const text,
return NULL; return NULL;
if (result.size() + 1 > bytes) if (result.size() + 1 > bytes)
throw runtime_error("insufficient workspace"); throw runtime_error("insufficient workspace");
*len = result.size() + 1; *len = result.size();
result.copy(dest, *len); result.copy(dest, *len);
dest[*len] = '\0'; dest[*len] = '\0';
return NULL; return NULL;
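Review bot: The meaning of the `len` out-parameter changes here from bytes written including the terminator to the string length excluding it, and that contract is not documented in the visible lines. The function header and its prototype are outside this hunk; I would add there something like `/* On success *len is the length of the result, not counting the terminating NUL stored at dest[*len]; dest must hold at least *len + 1 bytes. */`. It is also worth a one-line comment on the guard, `/* + 1 for the terminating NUL written at dest[*len] below */`, since that check is what keeps the final store inside `bytes`.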