Upon success we expect a non-null pointer, and to make sure this is not
residual uninitialized stack memory, it is null'd beforehand.

    /bin/varnishd/cache/cache_acceptor.c: 375 in vca_mk_tcp()
    369     {
    370             struct suckaddr *sa;
    371             ssize_t sz;
    372
    373             AN(SES_Reserve_remote_addr(sp, &sa, &sz));
    374             assert(sz == vsa_suckaddr_len);
    >>>     CID 1517259:  Resource leaks  (RESOURCE_LEAK)
    >>>     Failing to save or free storage allocated by "VSA_Build(sa, &wa->acceptaddr, wa->acceptaddrlen)" leaks it.
    375             AN(VSA_Build(sa, &wa->acceptaddr, wa->acceptaddrlen));
    376             sp->sattr[SA_CLIENT_ADDR] = sp->sattr[SA_REMOTE_ADDR];

It is precisely because we reserve the space to store the built suckaddr
that there won't be a malloc() call made behind our back.

For some reason, it only complained about one call site.

Inspired by: CHERI

Spotted as always: by Dridi

The matching regular expression did not align with the substitution
regular expression.

Refs d2e526ce

Avoid marking an object as an IMS candidate when a weak Last-Modified
header is the only validator. In the case where there is an ETag AND a
weak Last-Modified header, add a If-None-Match header, but do not add
an If-Modified-Since header.

Per RFC9110, the Last-Modified header is not a strong validator unless
it is at least one second older than the Date header. This is to prevent
revalidating content that has been changed within a second of the last
response. In the case of an intermediate cache like Varnish, a weak
Last-Modified validator is "weaker" than a weak ETag, and should not be
used for revalidating content.

This commit prepares varnishtest for a change to Varnish revalidations,
where the Last-Modified header must be at least one second older than
the Date header for Varnish to send an If-Modified-Since header.

Any explicitly defined Date header will override the default, and
the Date header can be omitted with -nodate.

Motivated by #3868

Spotted by GCC's fortification level 3.

As a convenience, the error message includes the actual total length
of data being g[un]zipped, in addition to the total_in amount of data
processed so far.

To be consistent with how the file cursor behaves, the close_fd field is
duplicated in the mmap cursor. If a VUT replaces stdin's file descriptor
with a regular file's fd using dup2(2), we don't want to close it just
because we managed to mmap(2) it.

For some reason we don't use the closefd() macro in the VSL cursor code,
potentially to avoid its underlying assertion in libvarnishapi.

On the other hand we do use it in other places:

    $ git grep -l closefd -- lib/libvarnishapi/
    lib/libvarnishapi/daemon.c
    lib/libvarnishapi/vsm.c

So maybe in a subsequent change `(void)close(fd)` statements could turn
into `closefd(&fd)` in vsl_cursor.c to harden those code paths as well.

As pointed out by Dridi, we should rather not make an attempt to
support un-printable socket names, of which the empty name is
the most prominent case.

For all other non-printable cases (e.g. d\0r\0i\0d\0i), we have
no support to pass them in the first place, because we treat
uds paths as NUL-terminated strings.

We use the commonplace @<name> syntax to specify abstract socket names.

Implements #3863

Motivated by #3864

This commit was guided by the cocci patch below, but lines to change
were manually selected.

Motivated by #3864

	--- 8< ---

@@
expression path;
@@

- *path == '/'
+ VUS_is(path)

@@
expression path;
@@

- *path != '/'
+ ! VUS_is(path)

we only forwarded the result from a single read(), which might have
missed information on the actual error.

space for larger XIDs.  Add a version field.