Don't panic if the chunked header is ridiculously long, just fail

the transaction.

Fixes #387

git-svn-id: svn+ssh://projects.linpro.no/svn/varnish/trunk@3500 d4fa192b-c00b-0410-8231-f00ffab90ce4

diff --git a/varnish-cache/bin/varnishd/cache_fetch.c b/varnish-cache/bin/varnishd/cache_fetch.c
index fed310034fb164092a614ae2c6a78618dd4f85c1..ec6a9e6a096dd6e737e9ff3b3559b34f8b1eccc9 100644 (file)
--- a/varnish-cache/bin/varnishd/cache_fetch.c
+++ b/varnish-cache/bin/varnishd/cache_fetch.c
@@ -110,7 +110,8 @@ fetch_chunked(struct sess *sp, struct http_conn *htc)
 
                /* If we didn't succeed, add to buffer, try again */
                if (q == NULL || q == buf || *q != '\n') {
-                       xxxassert(be > bp);
+                       if (bp >= be)
+                               return (-1);
                        /*
                         * The semantics we need here is "read until you have
                         * received at least one character, but feel free to

diff --git a/varnish-cache/bin/varnishtest/tests/r00387.vtc b/varnish-cache/bin/varnishtest/tests/r00387.vtc
new file mode 100644 (file)
index 0000000..5d2d352
--- /dev/null
+++ b/varnish-cache/bin/varnishtest/tests/r00387.vtc
@@ -0,0 +1,22 @@
+# $Id$
+
+test "Regression test for #387: too long chunk header"
+
+server s1 {
+       rxreq
+       send "HTTP/1.1 200 Ok\r\n"
+       send "Transfer-encoding: chunked\r\n"
+       send "\r\n"
+       send "004\r\n1234\r\n"
+       send "000000000000000000001\r\n@\r\n"
+       send "00000000\r\n"
+} -start
+
+varnish v1 -vcl+backend {} -start
+
+client c1 {
+       txreq
+       rxresp
+       expect resp.status == 503
+} -run
+