[master] 685a57869 Guard against hash collisions in the vtp code
Nils Goroll
nils.goroll at uplex.de
Wed Oct 30 06:27:06 UTC 2019
commit 685a578691b6986fde95d1d01abbd1575a97f022
Author: Nils Goroll <nils.goroll at uplex.de>
Date: Wed Oct 30 07:19:27 2019 +0100

    Guard against hash collisions in the vtp code

    We use the first 64bit of a sha256 as our pool id, assuming that those
    are safe enough against collisions. Ensure we do not fail on that
    assumption.

    This also makes it a caller error to deliberately use the same pool id
    for different endpoints. As this was not possible before the id change,
    I do not consider it a regression.

    Ref: ec70dbc7502f8fbe6c8eb5af6108df4168500f9a

diff --git a/bin/varnishd/cache/cache_tcp_pool.c b/bin/varnishd/cache/cache_tcp_pool.c
index bb854540c..14c9577cd 100644
--- a/bin/varnishd/cache/cache_tcp_pool.c
+++ b/bin/varnishd/cache/cache_tcp_pool.c
@@ -685,12 +685,24 @@ VTP_Ref(const struct suckaddr *ip4, const struct suckaddr *ip6, const char *uds,
(uds == NULL && (ip4 != NULL || ip6 != NULL)));
cp = VCP_Ref(id);
- if (cp != NULL)
+ if (cp != NULL) {
+ tp = cp->priv;
+ CHECK_OBJ_NOTNULL(tp, TCP_POOL_MAGIC);
+
+ if (uds != NULL) {
+ AN(tp->uds);
+ AZ(strcmp(tp->uds, uds));
+ }
+ if (ip4 != NULL)
+ AZ(VSA_Compare(tp->ip4, ip4));
+ if (ip6 != NULL)
+ AZ(VSA_Compare(tp->ip6, ip6));
return (cp->priv);
+ }
/*
- * this is racy - we could end up with additional pools on the same id /
- * destination address with just a single connection
+ * this is racy - we could end up with additional pools on the same id
+ * with just a single connection
*/
ALLOC_OBJ(tp, TCP_POOL_MAGIC);
AN(tp);
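
Review bot: The endpoint checks in the new `if (cp != NULL)` block only run for arguments that are non-NULL, so a mismatch in the other direction passes silently. If the caller supplies only `ip4` and the existing pool also carries a `tp->ip6` or a `tp->uds`, nothing here notices that the two endpoints differ, although the id matched. Consider asserting the NULL-ness in both directions, for example that `tp->uds` is NULL when `uds` is NULL, and likewise for `ip4` and `ip6`. The `uds` branch checks `AN(tp->uds)` before `strcmp`, but the `ip4` and `ip6` branches pass `tp->ip4` and `tp->ip6` straight to `VSA_Compare` without an equivalent `AN()`; adding one would make the failure explicit instead of depending on how `VSA_Compare` treats a NULL argument. Since `tp` is already assigned and checked, `return (tp);` would read more clearly than `return (cp->priv);`. Because all of these are `AZ`/`AN` assertions, a real collision in the truncated 64-bit id now fails the assertion rather than silently sharing a pool between two endpoints; a short comment above the block stating that the same id for different endpoints is a caller error would put the commit message's intent next to the code.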