[master] 8f22397 Correct check when parsing the query string.

[Federico G. Schwindt]

commit 8f22397129b114e6d0d0513685be9908a565f71f
Author: Federico G. Schwindt <fgsch at lodoss.net>
Date:   Sun Feb 26 19:16:22 2017 +0000

    Correct check when parsing the query string.
    
    Fixes #2233.

diff --git a/bin/varnishtest/tests/r02233.vtc b/bin/varnishtest/tests/r02233.vtc
new file mode 100644
index 0000000..1f9b8e2
--- /dev/null
+++ b/bin/varnishtest/tests/r02233.vtc
@@ -0,0 +1,24 @@
+varnishtest "Fail earlier if we cannot fit the query string"
+
+server s1 {
+	rxreq
+	txresp
+} -start
+
+varnish v1 -arg "-p workspace_client=9k" -vcl+backend {
+	import std;
+
+	sub vcl_recv {
+		set req.url = std.querysort(req.url);
+	}
+} -start
+
+client c1 {
+	send "GET /?a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1"
+	send "&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1"
+	send "&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1&a=1"
+	send " HTTP/1.1\r\n"
+	send "Host: foo\r\n\r\n"
+	rxresp
+	expect resp.status == 500
+} -run
diff --git a/lib/libvmod_std/vmod_std_querysort.c b/lib/libvmod_std/vmod_std_querysort.c
index 1d7f5af..2180ff9 100644
--- a/lib/libvmod_std/vmod_std_querysort.c
+++ b/lib/libvmod_std/vmod_std_querysort.c
@@ -93,7 +93,7 @@ vmod_querysort(VRT_CTX, VCL_STRING url)
 	pp[np++] = 1 + cu;
 	for (cq = 1 + cu; *cq != '\0'; cq++) {
 		if (*cq == '&') {
-			if (pp + 3 > pe) {
+			if (pp + np + 3 > pe) {
 				WS_Release(ctx->ws, 0);
 				WS_MarkOverflow(ctx->ws);
 				return (url);