From 93822ae0aa5281427069fb08fef417100aa209b4 Mon Sep 17 00:00:00 2001 From: phk Date: Fri, 17 Oct 2008 09:03:21 +0000 Subject: [PATCH] Fix a segfault on certain garbed HTTP request headers. Fixes: #354 git-svn-id: svn+ssh://projects.linpro.no/svn/varnish/trunk@3315 d4fa192b-c00b-0410-8231-f00ffab90ce4 --- varnish-cache/bin/varnishd/cache_center.c | 1 + varnish-cache/bin/varnishd/cache_http.c | 9 +++++---- varnish-cache/bin/varnishtest/tests/r00354.vtc | 16 ++++++++++++++++ 3 files changed, 22 insertions(+), 4 deletions(-) create mode 100644 varnish-cache/bin/varnishtest/tests/r00354.vtc diff --git a/varnish-cache/bin/varnishd/cache_center.c b/varnish-cache/bin/varnishd/cache_center.c index de730b10..21a9199a 100644 --- a/varnish-cache/bin/varnishd/cache_center.c +++ b/varnish-cache/bin/varnishd/cache_center.c @@ -308,6 +308,7 @@ cnt_error(struct sess *sp) /* We always close when we take this path */ sp->doclose = "error"; + sp->wantbody = 1; w = sp->wrk; if (sp->obj == NULL) { diff --git a/varnish-cache/bin/varnishd/cache_http.c b/varnish-cache/bin/varnishd/cache_http.c index e418bbe5..360e5d8c 100644 --- a/varnish-cache/bin/varnishd/cache_http.c +++ b/varnish-cache/bin/varnishd/cache_http.c @@ -496,16 +496,17 @@ http_DissectRequest(struct sess *sp) i = http_splitline(sp->wrk, sp->fd, hp, htc, HTTP_HDR_REQ, HTTP_HDR_URL, HTTP_HDR_PROTO); - hp->protover = 0.9; + if (i != 0) { + WSPR(sp, SLT_HttpGarbage, htc->rxbuf); + return (i); + } + if (!strcmp(hp->hd[HTTP_HDR_PROTO].b, "HTTP/1.0")) hp->protover = 1.0; else if (!strcmp(hp->hd[HTTP_HDR_PROTO].b, "HTTP/1.1")) hp->protover = 1.1; else hp->protover = 0.9; - - if (i != 0) - WSPR(sp, SLT_HttpGarbage, htc->rxbuf); return (i); } diff --git a/varnish-cache/bin/varnishtest/tests/r00354.vtc b/varnish-cache/bin/varnishtest/tests/r00354.vtc new file mode 100644 index 00000000..18dc332f --- /dev/null +++ b/varnish-cache/bin/varnishtest/tests/r00354.vtc @@ -0,0 +1,16 @@ +# $Id$ + +test "#354 Segfault in strcmp in http_DissectRequest()" + +server s1 { + rxreq + txresp +} + +varnish v1 -vcl+backend {} -start + +client c1 { + send "FOO\r\n\r\n" + rxresp + expect resp.status == 400 +} -run -- 2.39.5