Add an assert preventing buffer overflows

Make sure that the workspace can accomodate the pipelined data before memmoving it into place. Add a comment on an open issue in the H2 code path that could trigger this assert.

Add an assert preventing buffer overflows
Make sure that the workspace can accomodate the pipelined data before memmoving it into place. Add a comment on an open issue in the H2 code path that could trigger this assert.
23ca54d8 · Martin Blix Grydeland · 333e6da1 · 23ca54d8 · 23ca54d8
Commit 23ca54d8 authored Nov 28, 2016 by Martin Blix Grydeland
Hide whitespace changes
Inline Side-by-side

Showing with 4 additions and 0 deletions

cache_session.c bin/varnishd/cache/cache_session.c +1 -0

cache_http2_proto.c bin/varnishd/http2/cache_http2_proto.c +3 -0

No files found.
--- a/bin/varnishd/cache/cache_session.c
+++ b/bin/varnishd/cache/cache_session.c
@@ -196,6 +196,7 @@ HTC_RxInit(struct http_conn *htc, struct ws *ws)
 	if (htc->pipeline_b != NULL) {
 		l = htc->pipeline_e - htc->pipeline_b;
 		assert(l > 0);
+		assert(l <= ws->r - htc->rxbuf_b);
 		memmove(htc->rxbuf_b, htc->pipeline_b, l);
 		htc->rxbuf_e += l;
 		htc->pipeline_b = NULL;

--- a/bin/varnishd/http2/cache_http2_proto.c
+++ b/bin/varnishd/http2/cache_http2_proto.c
@@ -661,6 +661,9 @@ h2_new_ou_session(struct worker *wrk, struct h2_sess *h2,
 	h2->htc->pipeline_e = req->htc->pipeline_e;
 	req->htc->pipeline_b = NULL;
 	req->htc->pipeline_e = NULL;
+	/* XXX: This call may assert on buffer overflow if the pipelined
+	   data exceeds the available space in the aws workspace. What to
+	   do about the overflowing data is an open issue. */
 	HTC_RxInit(h2->htc, wrk->aws);

 	/* Start req thread */