Additional size checking for session attributes

When we reserve a session attribute, we now check that the reserved space is of the expected size.

Additional size checking for session attributes
When we reserve a session attribute, we now check that the reserved space is of the expected size.
33736b20 · Nils Goroll · bee05dae · 33736b20 · 33736b20 · 33736b20
Unverified Commit 33736b20 authored Jan 08, 2021 by Nils Goroll
5 changed files
--- a/bin/varnishd/cache/cache_acceptor.c
+++ b/bin/varnishd/cache/cache_acceptor.c
@@ -315,8 +315,10 @@ vca_mk_tcp(const struct wrk_accept *wa,
    struct sess *sp, char *laddr, char *lport, char *raddr, char *rport)
 {
 	struct suckaddr *sa;
+	ssize_t sz;

-	AN(SES_Reserve_remote_addr(sp, &sa));
+	AN(SES_Reserve_remote_addr(sp, &sa, &sz));
+	assert(sz == vsa_suckaddr_len);
 	AN(VSA_Build(sa, &wa->acceptaddr, wa->acceptaddrlen));
 	sp->sattr[SA_CLIENT_ADDR] = sp->sattr[SA_REMOTE_ADDR];

@@ -325,8 +327,8 @@ vca_mk_tcp(const struct wrk_accept *wa,
 	AN(SES_Set_String_Attr(sp, SA_CLIENT_PORT, rport));


-	AN(SES_Reserve_local_addr(sp, &sa));
-	AN(VSA_getsockname(sp->fd, sa, vsa_suckaddr_len));
+	AN(SES_Reserve_local_addr(sp, &sa, &sz));
+	AN(VSA_getsockname(sp->fd, sa, sz));
 	sp->sattr[SA_SERVER_ADDR] = sp->sattr[SA_LOCAL_ADDR];
 	VTCP_name(sa, laddr, VTCP_ADDRBUFSIZE, lport, VTCP_PORTBUFSIZE);
 }
@@ -336,9 +338,11 @@ vca_mk_uds(struct wrk_accept *wa, struct sess *sp, char *laddr, char *lport,
 	   char *raddr, char *rport)
 {
 	struct suckaddr *sa;
+	ssize_t sz;

 	(void) wa;
-	AN(SES_Reserve_remote_addr(sp, &sa));
+	AN(SES_Reserve_remote_addr(sp, &sa, &sz));
+	assert(sz == vsa_suckaddr_len);
 	AZ(SES_Set_remote_addr(sp, bogo_ip));
 	sp->sattr[SA_CLIENT_ADDR] = sp->sattr[SA_REMOTE_ADDR];
 	sp->sattr[SA_LOCAL_ADDR] = sp->sattr[SA_REMOTE_ADDR];

--- a/bin/varnishd/cache/cache_session.c
+++ b/bin/varnishd/cache/cache_session.c
@@ -115,14 +115,17 @@ ses_set_attr(const struct sess *sp, enum sess_attr a, const void *src, int sz)
 }

 static int
-ses_res_attr(struct sess *sp, enum sess_attr a, void **dst, int sz)
+ses_res_attr(struct sess *sp, enum sess_attr a, void **dst, ssize_t *szp)
 {
 	unsigned o;
+	ssize_t sz;

 	CHECK_OBJ_NOTNULL(sp, SESS_MAGIC);
 	assert(a < SA_LAST);
-	assert(sz >= 0);
 	AN(dst);
+	sz = *szp;
+	*szp = 0;
+	assert(sz >= 0);
 	if (WS_ReserveSize(sp->ws, sz) == 0)
 		return (0);
 	o = WS_ReservationOffset(sp->ws);
@@ -131,6 +134,7 @@ ses_res_attr(struct sess *sp, enum sess_attr a, void **dst, int sz)
 		return (0);
 	}
 	*dst = WS_Reservation(sp->ws);
+	*szp = sz;
 	sp->sattr[a] = (uint16_t)o;
 	WS_Release(sp->ws, sz);
 	return (1);
@@ -152,10 +156,12 @@ ses_res_attr(struct sess *sp, enum sess_attr a, void **dst, int sz)
 	}								\
 									\
 	int								\
-	SES_Reserve_##low(struct sess *sp, typ **dst)			\
+	SES_Reserve_##low(struct sess *sp, typ **dst, ssize_t *sz)	\
 	{								\
 		assert(len > 0);					\
-		return (ses_res_attr(sp, SA_##UP, (void**)dst, len));	\
+		AN(sz);							\
+		*sz = len;						\
+		return (ses_res_attr(sp, SA_##UP, (void**)dst, sz));	\
 	}

 #include "tbl/sess_attr.h"
@@ -164,6 +170,7 @@ int
 SES_Set_String_Attr(struct sess *sp, enum sess_attr a, const char *src)
 {
 	void *q;
+	ssize_t l, sz;

 	CHECK_OBJ_NOTNULL(sp, SESS_MAGIC);
 	AN(src);
@@ -172,8 +179,10 @@ SES_Set_String_Attr(struct sess *sp, enum sess_attr a, const char *src)
 	if (strcmp(sess_attr[a].type, "char"))
 		WRONG("wrong sess_attr: not char");

-	if (! ses_res_attr(sp, a, &q, strlen(src) + 1))
+	l = sz = strlen(src) + 1;
+	if (! ses_res_attr(sp, a, &q, &sz))
 		return (0);
+	assert(l == sz);
 	strcpy(q, src);
 	return (1);
 }

--- a/bin/varnishd/cache/cache_varnishd.h
+++ b/bin/varnishd/cache/cache_varnishd.h
@@ -408,7 +408,7 @@ enum htc_status_e HTC_RxStuff(struct http_conn *, htc_complete_f *,

 #define SESS_ATTR(UP, low, typ, len)					\
 	int SES_Set_##low(const struct sess *sp, const typ *src);	\
-	int SES_Reserve_##low(struct sess *sp, typ **dst);
+	int SES_Reserve_##low(struct sess *sp, typ **dst, ssize_t *sz);
 #include "tbl/sess_attr.h"
 int SES_Set_String_Attr(struct sess *sp, enum sess_attr a, const char *src);


--- a/bin/varnishd/http1/cache_http1_fsm.c
+++ b/bin/varnishd/http1/cache_http1_fsm.c
@@ -107,6 +107,7 @@ http1_new_session(struct worker *wrk, void *arg)
 	struct sess *sp;
 	struct req *req;
 	uintptr_t *u;
+	ssize_t sz;

 	CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
 	CAST_OBJ_NOTNULL(req, arg, REQ_MAGIC);
@@ -114,7 +115,7 @@ http1_new_session(struct worker *wrk, void *arg)
 	CHECK_OBJ_NOTNULL(sp, SESS_MAGIC);

 	HTC_RxInit(req->htc, req->ws);
-	if (!SES_Reserve_proto_priv(sp, &u)) {
+	if (!SES_Reserve_proto_priv(sp, &u, &sz)) {
 		/* Out of session workspace. Free the req, close the sess,
 		 * and do not set a new task func, which will exit the
 		 * worker thread. */
@@ -123,6 +124,7 @@ http1_new_session(struct worker *wrk, void *arg)
 		SES_Delete(sp, SC_RX_JUNK, NAN);
 		return;
 	}
+	assert(sz == sizeof u);
 	http1_setstate(sp, H1NEWREQ);
 	wrk->task->func = http1_req;
 	wrk->task->priv = req;

--- a/bin/varnishd/proxy/cache_proxy_proto.c
+++ b/bin/varnishd/proxy/cache_proxy_proto.c
@@ -75,6 +75,7 @@ vpx_proto1(const struct worker *wrk, const struct req *req)
 	int i;
 	char *p, *q;
 	struct suckaddr *sa;
+	ssize_t sz;
 	int pfam = -1;

 	CHECK_OBJ_NOTNULL(wrk, WORKER_MAGIC);
@@ -121,8 +122,9 @@ vpx_proto1(const struct worker *wrk, const struct req *req)
 		return (-1);
 	}

-	if (! SES_Reserve_client_addr(req->sp, &sa))
+	if (! SES_Reserve_client_addr(req->sp, &sa, &sz))
 		return (vpx_ws_err(req));
+	assert (sz == vsa_suckaddr_len);

 	if (VSS_ResolveOne(sa, fld[1], fld[3],
 	    pfam, SOCK_STREAM, AI_NUMERICHOST | AI_NUMERICSERV) == NULL) {
@@ -135,8 +137,9 @@ vpx_proto1(const struct worker *wrk, const struct req *req)
 	if (! SES_Set_String_Attr(req->sp, SA_CLIENT_PORT, fld[3]))
 		return (vpx_ws_err(req));

-	if (! SES_Reserve_server_addr(req->sp, &sa))
+	if (! SES_Reserve_server_addr(req->sp, &sa, &sz))
 		return (vpx_ws_err(req));
+	assert (sz == vsa_suckaddr_len);

 	if (VSS_ResolveOne(sa, fld[2], fld[4],
 	    pfam, SOCK_STREAM, AI_NUMERICHOST | AI_NUMERICSERV) == NULL) {
@@ -329,6 +332,7 @@ vpx_proto2(const struct worker *wrk, struct req *req)
 	char *d, *tlv_start;
 	sa_family_t pfam = 0xff;
 	struct suckaddr *sa = NULL;
+	ssize_t sz;
 	char ha[VTCP_ADDRBUFSIZE];
 	char pa[VTCP_PORTBUFSIZE];
 	char hb[VTCP_ADDRBUFSIZE];
@@ -414,8 +418,9 @@ vpx_proto2(const struct worker *wrk, struct req *req)
 	pp = ap + 2 * alen;

 	/* src/client */
-	if (! SES_Reserve_client_addr(req->sp, &sa))
+	if (! SES_Reserve_client_addr(req->sp, &sa, &sz))
 		return (vpx_ws_err(req));
+	assert(sz == vsa_suckaddr_len);
 	AN(VSA_BuildFAP(sa, pfam, ap, alen, pp, plen));
 	VTCP_name(sa, hb, sizeof hb, pb, sizeof pb);

@@ -423,8 +428,9 @@ vpx_proto2(const struct worker *wrk, struct req *req)
 	pp += plen;

 	/* dst/server */
-	if (! SES_Reserve_server_addr(req->sp, &sa))
+	if (! SES_Reserve_server_addr(req->sp, &sa, &sz))
 		return (vpx_ws_err(req));
+	assert(sz == vsa_suckaddr_len);
 	AN(VSA_BuildFAP(sa, pfam, ap, alen, pp, plen));
 	VTCP_name(sa, ha, sizeof ha, pa, sizeof pa);

@@ -467,8 +473,9 @@ vpx_proto2(const struct worker *wrk, struct req *req)
 	INIT_OBJ(tlv, VPX_TLV_MAGIC);
 	tlv->len = tlv_len;
 	memcpy(tlv->tlv, tlv_start, tlv_len);
-	if (! SES_Reserve_proxy_tlv(req->sp, &up))
+	if (! SES_Reserve_proxy_tlv(req->sp, &up, &sz))
 		return (vpx_ws_err(req));
+	assert(sz == sizeof up);
 	*up = (uintptr_t)tlv;
 	return (0);
 }