Skip to content

V
varnish-cache
Commit 20adece3 authored by Poul-Henning Kamp's avatar Poul-Henning Kamp
Browse files
Options

Move the responsibility for NUL terminating the RX buffer into the 

completion function.

Fixes #2285
parent 3f4a5a1b
Hide whitespace changes
Inline Side-by-side
Showing with 24 additions and 14 deletions
bin/varnishd/cache/cache_session.c
View file @ 20adece3
......@@ -237,7 +237,7 @@ HTC_RxStuff(struct http_conn *htc, htc_complete_f *func,
double tmo;
double now;
enum htc_status_e hs;
int i;
ssize_t z;
CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
AN(htc->rfd);
......@@ -255,15 +255,16 @@ HTC_RxStuff(struct http_conn *htc, htc_complete_f *func,
WS_ReleaseP(htc->ws, htc->rxbuf_b);
return (HTC_S_OVERFLOW);
}
if ((htc->ws->r - htc->rxbuf_b) - 1L < maxbytes)
maxbytes = (htc->ws->r - htc->rxbuf_b) - 1L; /* Space for NUL */
z = (htc->ws->r - htc->rxbuf_b);
if (z < maxbytes)
maxbytes = z;
while (1) {
now = VTIM_real();
AZ(htc->pipeline_b);
AZ(htc->pipeline_e);
assert(htc->rxbuf_e < htc->ws->r);
*htc->rxbuf_e = '\0';
assert(htc->rxbuf_e <= htc->ws->r);
hs = func(htc);
if (hs == HTC_S_OVERFLOW || hs == HTC_S_JUNK) {
WS_ReleaseP(htc->ws, htc->rxbuf_b);
......@@ -290,21 +291,21 @@ HTC_RxStuff(struct http_conn *htc, htc_complete_f *func,
tmo = tn - now;
if (!isnan(ti) && ti < tn)
tmo = ti - now;
i = maxbytes - (htc->rxbuf_e - htc->rxbuf_b);
assert(i >= 0);
if (i == 0) {
z = maxbytes - (htc->rxbuf_e - htc->rxbuf_b);
assert(z >= 0);
if (z == 0) {
WS_ReleaseP(htc->ws, htc->rxbuf_b);
return (HTC_S_OVERFLOW);
}
if (tmo <= 0.0)
tmo = 1e-3;
i = VTCP_read(*htc->rfd, htc->rxbuf_e, i, tmo);
if (i == 0 || i == -1) {
z = VTCP_read(*htc->rfd, htc->rxbuf_e, z, tmo);
if (z == 0 || z == -1) {
WS_ReleaseP(htc->ws, htc->rxbuf_b);
return (HTC_S_EOF);
} else if (i > 0)
htc->rxbuf_e += i;
else if (i == -2) {
} else if (z > 0)
htc->rxbuf_e += z;
else if (z == -2) {
if (hs == HTC_S_EMPTY && ti <= now) {
WS_ReleaseP(htc->ws, htc->rxbuf_b);
return (HTC_S_IDLE);
......
bin/varnishd/http1/cache_http1_proto.c
View file @ 20adece3
......@@ -73,7 +73,11 @@ HTTP1_Complete(struct http_conn *htc)
CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
assert(htc->rxbuf_e >= htc->rxbuf_b);
assert(*htc->rxbuf_e == '\0');
assert(htc->rxbuf_e <= htc->ws->r);
if (htc->rxbuf_e == htc->ws->r)
return (HTC_S_OVERFLOW); // No space for NUL
*htc->rxbuf_e = '\0';
/* Skip any leading white space */
for (p = htc->rxbuf_b ; vct_islws(*p); p++)
......
bin/varnishd/proxy/cache_proxy_proto.c
View file @ 20adece3
......@@ -297,6 +297,9 @@ vpx_complete(struct http_conn *htc)
CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
assert(htc->rxbuf_e >= htc->rxbuf_b);
assert(htc->rxbuf_e <= htc->ws->r);
l = htc->rxbuf_e - htc->rxbuf_b;
p = htc->rxbuf_b;
j = 0x3;
......@@ -308,6 +311,8 @@ vpx_complete(struct http_conn *htc)
if (j == 0)
return (HTC_S_JUNK);
if (j == 1 && i == sizeof vpx1_sig) {
assert (htc->rxbuf_e < htc->ws->r);
*htc->rxbuf_e = '\0';
q = strchr(p + i, '\n');
if (q != NULL && (q - htc->rxbuf_b) > 107)
return (HTC_S_OVERFLOW);
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment