Skip to content
Projects
Groups
Snippets
Help
Loading...
Help
Submit feedback
Contribute to GitLab
Sign in
Toggle navigation
V
varnish-cache
Project
Project
Details
Activity
Releases
Cycle Analytics
Repository
Repository
Files
Commits
Branches
Tags
Contributors
Graph
Compare
Charts
Members
Members
Collapse sidebar
Close sidebar
Activity
Graph
Charts
Commits
Open sidebar
varnishcache
varnish-cache
Commits
48428256
Commit
48428256
authored
Jun 08, 2018
by
Poul-Henning Kamp
Browse files
Options
Browse Files
Download
Email Patches
Plain Diff
Fix PROXY and HTTP/1 proto dissectors to not rely on space for an extra NUL.
parent
e2f00acf
Changes
2
Hide whitespace changes
Inline
Side-by-side
Showing
2 changed files
with
9 additions
and
15 deletions
+9
-15
cache_http1_proto.c
bin/varnishd/http1/cache_http1_proto.c
+5
-11
cache_proxy_proto.c
bin/varnishd/proxy/cache_proxy_proto.c
+4
-4
No files found.
bin/varnishd/http1/cache_http1_proto.c
View file @
48428256
...
...
@@ -37,9 +37,6 @@
* and stops when we see the magic marker (double [CR]NL), and if we overshoot,
* it keeps track of the "pipelined" data.
*
* Until we see the magic marker, we have to keep the rxbuf NUL terminated
* because we use strchr(3) on it.
*
* We use this both for client and backend connections.
*/
...
...
@@ -75,10 +72,6 @@ HTTP1_Complete(struct http_conn *htc)
assert
(
htc
->
rxbuf_e
>=
htc
->
rxbuf_b
);
assert
(
htc
->
rxbuf_e
<=
htc
->
ws
->
r
);
if
(
htc
->
rxbuf_e
==
htc
->
ws
->
r
)
return
(
HTC_S_OVERFLOW
);
// No space for NUL
*
htc
->
rxbuf_e
=
'\0'
;
/* Skip any leading white space */
for
(
p
=
htc
->
rxbuf_b
;
vct_islws
(
*
p
);
p
++
)
continue
;
...
...
@@ -95,12 +88,13 @@ HTTP1_Complete(struct http_conn *htc)
* is completed. More stringent validation happens later.
*/
while
(
1
)
{
p
=
strchr
(
p
,
'\n'
);
p
=
memchr
(
p
,
'\n'
,
htc
->
rxbuf_e
-
p
);
if
(
p
==
NULL
)
return
(
HTC_S_MORE
);
p
++
;
if
(
*
p
==
'\r'
)
p
++
;
if
(
++
p
==
htc
->
rxbuf_e
)
return
(
HTC_S_MORE
);
if
(
*
p
==
'\r'
&&
++
p
==
htc
->
rxbuf_e
)
return
(
HTC_S_MORE
);
if
(
*
p
==
'\n'
)
break
;
}
...
...
bin/varnishd/proxy/cache_proxy_proto.c
View file @
48428256
...
...
@@ -69,13 +69,14 @@ vpx_proto1(const struct worker *wrk, const struct req *req)
CHECK_OBJ_NOTNULL
(
req
,
REQ_MAGIC
);
CHECK_OBJ_NOTNULL
(
req
->
sp
,
SESS_MAGIC
);
q
=
strchr
(
req
->
htc
->
rxbuf_b
,
'\r'
);
q
=
memchr
(
req
->
htc
->
rxbuf_b
,
'\r'
,
req
->
htc
->
rxbuf_e
-
req
->
htc
->
rxbuf_b
);
if
(
q
==
NULL
)
return
(
-
1
);
*
q
++
=
'\0'
;
/* Nuke the CRLF */
if
(
*
q
!=
'\n'
)
if
(
*
q
!=
'\n'
||
q
==
req
->
htc
->
rxbuf_e
)
return
(
-
1
);
*
q
++
=
'\0'
;
...
...
@@ -515,8 +516,7 @@ vpx_complete(struct http_conn *htc)
return
(
HTC_S_JUNK
);
if
(
j
==
1
&&
i
==
sizeof
vpx1_sig
)
{
assert
(
htc
->
rxbuf_e
<
htc
->
ws
->
r
);
*
htc
->
rxbuf_e
=
'\0'
;
q
=
strchr
(
p
+
i
,
'\n'
);
q
=
memchr
(
p
+
i
,
'\n'
,
htc
->
rxbuf_e
-
(
p
+
i
));
if
(
q
!=
NULL
&&
(
q
-
htc
->
rxbuf_b
)
>
107
)
return
(
HTC_S_OVERFLOW
);
if
(
q
==
NULL
)
...
...
Write
Preview
Markdown
is supported
0%
Try again
or
attach a new file
Attach a file
Cancel
You are about to add
0
people
to the discussion. Proceed with caution.
Finish editing this message first!
Cancel
Please
register
or
sign in
to comment
