Skip to content

V
varnish-cache
Switch branch/tag
History Find file
  • Martin Blix Grydeland's avatar
    Fix buffer overflow in HTC_RxInit on workspace exhaustion · c1fa3248
    Martin Blix Grydeland authored 
    HTC_RxInit and HTC_RxReInit could write a single '\0' NUL character
outside of the workspace when its called and there is zero bytes left
in the workspace. This would trigger the workspace canary causing
subsequent assertion.

Fix by releaving HTC_RxInit and HTC_RxReInit of adding the '\0'
character.

HTC_RxStuff and V1F_FetchRespHdr returns HTC_S_OVERFLOW if the
available buffer space is zero. Both make sure to insert the '\0'
character just before calling the completion check function.

Note that this fix does not change the fact that we have exchausted
the workspace and are unable to continue. Varnishd will panic
nonetheless, but at least we have not stepped out of our boundries.

Ref: #1834
    c1fa3248
Name
Last commit
 Last update
bin Loading commit data...
devscripts Loading commit data...
doc Loading commit data...
etc Loading commit data...
include Loading commit data...
lib Loading commit data...
m4 Loading commit data...
man Loading commit data...
.gitignore Loading commit data...
.syntastic_c_config Loading commit data...
.travis.yml Loading commit data...
CONTRIBUTING Loading commit data...
ChangeLog Loading commit data...
INSTALL Loading commit data...
LICENSE Loading commit data...
Makefile.am Loading commit data...
Makefile.inc.phk Loading commit data...
Makefile.phk Loading commit data...
README.Packaging Loading commit data...
README.rst Loading commit data...
autogen.des Loading commit data...
autogen.sh Loading commit data...
config.phk Loading commit data...
configure.ac Loading commit data...
flint.lnt Loading commit data...
varnish-legacy.m4 Loading commit data...
varnish.m4 Loading commit data...
varnishapi-uninstalled.pc.in Loading commit data...
varnishapi.pc.in Loading commit data...