r4250 - in branches/2.0/varnish-cache/bin: varnishd varnishtest/tests

Mon Sep 28 12:13:48 CEST 2009

Author: tfheen
Date: 2009-09-28 12:13:48 +0200 (Mon, 28 Sep 2009)
New Revision: 4250

Added:
   branches/2.0/varnish-cache/bin/varnishtest/tests/r00506.vtc
Modified:
   branches/2.0/varnish-cache/bin/varnishd/cache_http.c
Log:
Merge r4052, r4053: Be more paranoid about backend responses

r4052:
Be more paranoid about backend responses, a response of:
        HTTP/1.1 1000\n\r\n\r
would panic us trying to find a suitable message for 1000.

Now we 503 the response instead.

Fixes #506

r4053:
Regression test for #506



Modified: branches/2.0/varnish-cache/bin/varnishd/cache_http.c
===================================================================

--- branches/2.0/varnish-cache/bin/varnishd/cache_http.c	2009-09-28 09:56:02 UTC (rev 4249)
+++ branches/2.0/varnish-cache/bin/varnishd/cache_http.c	2009-09-28 10:13:48 UTC (rev 4250)
@@ -503,25 +503,35 @@
 http_DissectResponse(struct worker *w, const struct http_conn *htc,
     struct http *hp)
 {
-	int i;
+	int i = 0;
 
 	CHECK_OBJ_NOTNULL(htc, HTTP_CONN_MAGIC);
 	CHECK_OBJ_NOTNULL(hp, HTTP_MAGIC);
 	hp->logtag = HTTP_Rx;
 
-	i = http_splitline(w, htc->fd, hp, htc,
-	    HTTP_HDR_PROTO, HTTP_HDR_STATUS, HTTP_HDR_RESPONSE);
+	if (http_splitline(w, htc->fd, hp, htc,
+	    HTTP_HDR_PROTO, HTTP_HDR_STATUS, HTTP_HDR_RESPONSE))
+		i = 503;
 
-	if (i != 0 || memcmp(hp->hd[HTTP_HDR_PROTO].b, "HTTP/1.", 7))
+	if (i == 0 && memcmp(hp->hd[HTTP_HDR_PROTO].b, "HTTP/1.", 7))
+		i = 503;
+
+	if (i == 0 && Tlen(hp->hd[HTTP_HDR_STATUS]) != 3)
+		i = 503;
+
+	if (i == 0) {
+		hp->status = strtoul(hp->hd[HTTP_HDR_STATUS].b, NULL, 10);
+		if (hp->status < 100 || hp->status > 999)
+			i = 503;
+	}
+
+	if (i != 0) {
 		WSLR(w, SLT_HttpGarbage, htc->fd, htc->rxbuf);
-	if (i != 0) {
-		if (hp->status == 0)
-			hp->status = i;
+		hp->status = i;
 	} else {
-		hp->status =
-		    strtoul(hp->hd[HTTP_HDR_STATUS].b, NULL /* XXX */, 10);
+		http_ProtoVer(hp);
 	}
-	http_ProtoVer(hp);
+
 	if (hp->hd[HTTP_HDR_RESPONSE].b == NULL ||
 	    !Tlen(hp->hd[HTTP_HDR_RESPONSE])) {
 		/* Backend didn't send a response string, use the standard */

Copied: branches/2.0/varnish-cache/bin/varnishtest/tests/r00506.vtc (from rev 4053, trunk/varnish-cache/bin/varnishtest/tests/r00506.vtc)
===================================================================
--- branches/2.0/varnish-cache/bin/varnishtest/tests/r00506.vtc	                        (rev 0)
+++ branches/2.0/varnish-cache/bin/varnishtest/tests/r00506.vtc	2009-09-28 10:13:48 UTC (rev 4250)
@@ -0,0 +1,18 @@
+# $Id$
+
+test "Illegal HTTP status from backend"
+
+server s1 {
+	rxreq
+	send "HTTP/1.1 1000\n\nFoo"
+} -start
+
+varnish v1 -vcl+backend {
+	sub vcl_recv {
+	}
+} -start
+
+client c1 {
+	txreq
+	rxresp
+} -run

