Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
openSUSE:Leap:15.1:Update
varnish.12875
0001-Handle-badly-formatted-proxy-TLVs.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File 0001-Handle-badly-formatted-proxy-TLVs.patch of Package varnish.12875
From d28b56d2638c7e12bd16fba4e2ccd00789bb84c8 Mon Sep 17 00:00:00 2001 From: Martin Blix Grydeland <martin@varnish-software.com> Date: Thu, 12 Dec 2019 14:53:48 +0100 Subject: [PATCH] Handle badly formatted proxy TLVs Proxy TLVs claiming to have PP2_TYPE_SSL sub-TLVs without complete payload would cause a Varnish assert. This patch fixes the parsing of the TLVs. --- bin/varnishd/proxy/cache_proxy_proto.c | 9 +++++++-- diff --git a/bin/varnishd/proxy/cache_proxy_proto.c b/bin/varnishd/proxy/cache_proxy_proto.c index c6255b6e6..15b243491 100644 --- a/bin/varnishd/proxy/cache_proxy_proto.c +++ b/bin/varnishd/proxy/cache_proxy_proto.c @@ -276,8 +276,9 @@ vpx_tlv_itern(struct vpx_tlv_iter *vpi) return (1); } -#define VPX_TLV_FOREACH(ptr, len, itv) \ - for(vpx_tlv_iter0(itv, ptr, len); vpx_tlv_itern(itv);) +#define VPX_TLV_FOREACH(ptr, len, itv) \ + for (vpx_tlv_iter0(itv, ptr, len); \ + (vpi->e == NULL) && vpx_tlv_itern(itv);) int VPX_tlv(const struct req *req, int typ, void **dst, int *len) @@ -453,6 +454,10 @@ vpx_proto2(const struct worker *wrk, struct req *req) VPX_TLV_FOREACH(d, l, vpi) { if (vpi->t == PP2_TYPE_SSL) { + if (vpi->l < 5) { + vpi->e = "Length Error"; + break; + } VPX_TLV_FOREACH((char*)vpi->p + 5, vpi->l - 5, vpi2) { } vpi->e = vpi2->e; -- 2.26.2
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor