[master] fd72157cd ws: Replace WS_Inside() with WS_Allocated()

Dridi Boukelmoune dridi.boukelmoune at gmail.com
Tue Aug 17 06:57:05 UTC 2021 

commit fd72157cd52e974d42dff2260cb608a79f1b9403
Author: Dridi Boukelmoune <dridi.boukelmoune at gmail.com>
Date:   Mon Jul 5 11:56:05 2021 +0200

    ws: Replace WS_Inside() with WS_Allocated()
    
    It was unfit for purpose anyway, since it would allow contents past the
    front pointer to be referenced. What we are really looking for where
    WS_Inside() was used is actual allocations. WS_Assert_Allocated() was
    made redundant by this change.
    
    Refs #3320

diff --git a/bin/varnishd/cache/cache.h b/bin/varnishd/cache/cache.h
index e770e23f1..f3fc6c688 100644
--- a/bin/varnishd/cache/cache.h
+++ b/bin/varnishd/cache/cache.h
@@ -780,8 +780,7 @@ void *WS_Copy(struct ws *ws, const void *str, int len);
 uintptr_t WS_Snapshot(struct ws *ws);
 int WS_Overflowed(const struct ws *ws);
 const char *WS_Printf(struct ws *ws, const char *fmt, ...) v_printflike_(2, 3);
-int WS_Inside(const struct ws *, const void *, const void *);
-void WS_Assert_Allocated(const struct ws *ws, const void *ptr, ssize_t len);
+int WS_Allocated(const struct ws *ws, const void *ptr, ssize_t len);
 
 void WS_VSB_new(struct vsb *, struct ws *);
 char *WS_VSB_finish(struct vsb *, struct ws *, size_t *);
diff --git a/bin/varnishd/cache/cache_http.c b/bin/varnishd/cache/cache_http.c
index ec0739ee6..dd4843c1c 100644
--- a/bin/varnishd/cache/cache_http.c
+++ b/bin/varnishd/cache/cache_http.c
@@ -1325,10 +1325,11 @@ http_CopyHome(const struct http *hp)
 			assert(u < HTTP_HDR_FIRST);
 			continue;
 		}
-		if (WS_Inside(hp->ws, hp->hd[u].b, hp->hd[u].e))
-			continue;
 
 		l = Tlen(hp->hd[u]);
+		if (WS_Allocated(hp->ws, hp->hd[u].b, l))
+			continue;
+
 		p = WS_Copy(hp->ws, hp->hd[u].b, l + 1L);
 		if (p == NULL) {
 			http_fail(hp);
diff --git a/bin/varnishd/cache/cache_vrt.c b/bin/varnishd/cache/cache_vrt.c
index d38587d36..8d8ab859b 100644
--- a/bin/varnishd/cache/cache_vrt.c
+++ b/bin/varnishd/cache/cache_vrt.c
@@ -94,7 +94,7 @@ VRT_synth(VRT_CTX, VCL_INT code, VCL_STRING reason)
 		return;
 	}
 
-	if (reason && !WS_Inside(ctx->ws, reason, NULL)) {
+	if (reason && !WS_Allocated(ctx->ws, reason, -1)) {
 		reason = WS_Copy(ctx->ws, reason, -1);
 		if (!reason) {
 			VRT_fail(ctx, "Workspace overflow");
@@ -445,14 +445,14 @@ VRT_String(struct ws *ws, const char *h, const char *p, va_list ap)
 	while (q == NULL || (q != vrt_magic_string_end && *q == '\0'));
 
 	if (h != NULL && p == NULL && q == vrt_magic_string_end &&
-	    WS_Inside(ws, h, NULL)) {
+	    WS_Allocated(ws, h, -1)) {
 		va_end(aq);
 		WS_Release(ws, 0);
 		return (h);
 	}
 
 	if (h == NULL && p != NULL && q == vrt_magic_string_end &&
-	    WS_Inside(ws, p, NULL)) {
+	    WS_Allocated(ws, p, -1)) {
 		va_end(aq);
 		WS_Release(ws, 0);
 		return (p);
@@ -467,7 +467,7 @@ VRT_String(struct ws *ws, const char *h, const char *p, va_list ap)
 		do
 			p = va_arg(aq, const char *);
 		while (p == NULL || (p != vrt_magic_string_end && *p == '\0'));
-		if (p == vrt_magic_string_end && WS_Inside(ws, q, NULL)) {
+		if (p == vrt_magic_string_end && WS_Allocated(ws, q, -1)) {
 			va_end(aq);
 			WS_Release(ws, 0);
 			return (q);
@@ -569,9 +569,9 @@ VRT_StrandsWS(struct ws *ws, const char *h, VCL_STRANDS s)
 	if (q == NULL) {
 		if (h == NULL)
 			return ("");
-		if (WS_Inside(ws, h, NULL))
+		if (WS_Allocated(ws, h, -1))
 			return (h);
-	} else if (h == NULL && WS_Inside(ws, q, NULL)) {
+	} else if (h == NULL && WS_Allocated(ws, q, -1)) {
 		for (i++; i < s->n; i++)
 			if (s->p[i] != NULL && *s->p[i] != '\0')
 				break;
diff --git a/bin/varnishd/cache/cache_ws.c b/bin/varnishd/cache/cache_ws.c
index d1f54a2fd..a82f1aa1f 100644
--- a/bin/varnishd/cache/cache_ws.c
+++ b/bin/varnishd/cache/cache_ws.c
@@ -66,28 +66,14 @@ WS_Assert(const struct ws *ws)
 }
 
 int
-WS_Inside(const struct ws *ws, const void *bb, const void *ee)
-{
-	const char *b = bb;
-	const char *e = ee;
-
-	WS_Assert(ws);
-	if (b < ws->s || b >= ws->e)
-		return (0);
-	if (e != NULL && (e < b || e > ws->e))
-		return (0);
-	return (1);
-}
-
-void
-WS_Assert_Allocated(const struct ws *ws, const void *ptr, ssize_t len)
+WS_Allocated(const struct ws *ws, const void *ptr, ssize_t len)
 {
 	const char *p = ptr;
 
 	WS_Assert(ws);
 	if (len < 0)
 		len = strlen(p) + 1;
-	assert(p >= ws->s && (p + len) <= ws->f);
+	return (p >= ws->s && (p + len) <= ws->f);
 }
 
 /*
@@ -369,7 +355,7 @@ WS_AtOffset(const struct ws *ws, unsigned off, unsigned len)
 
 	WS_Assert(ws);
 	ptr = ws->s + off;
-	WS_Assert_Allocated(ws, ptr, len);
+	AN(WS_Allocated(ws, ptr, len));
 	return (ptr);
 }
 
diff --git a/include/vrt.h b/include/vrt.h
index e61156401..e9bcd256e 100644
--- a/include/vrt.h
+++ b/include/vrt.h
@@ -60,6 +60,9 @@
  *	VRT_NULL_BLOB_TYPE added as the .type of vrt_null_blob
  *	VRT_blob() changed to return vrt_null_blob for
  *	    len == 0 or src == NULL arguments
+ *	[cache.h] WS_Inside() removed
+ *	[cache.h] WS_Assert_Allocated() removed
+ *	[cache.h] WS_Allocated() added
  * 13.0 (2021-03-15)
  *	Move VRT_synth_page() to deprecated status
  *	Add VRT_synth_strands() and VRT_synth_blob()
diff --git a/vmod/vmod_debug.c b/vmod/vmod_debug.c
index 240f5d281..190773397 100644
--- a/vmod/vmod_debug.c
+++ b/vmod/vmod_debug.c
@@ -769,7 +769,7 @@ xyzzy_concatenate(VRT_CTX, VCL_STRANDS s)
 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
 	r = VRT_StrandsWS(ctx->ws, NULL, s);
 	if (r != NULL && *r != '\0')
-		WS_Assert_Allocated(ctx->ws, r, strlen(r) + 1);
+		AN(WS_Allocated(ctx->ws, r, strlen(r) + 1));
 	return (r);
 }
 
@@ -781,7 +781,7 @@ xyzzy_collect(VRT_CTX, VCL_STRANDS s)
 	CHECK_OBJ_NOTNULL(ctx, VRT_CTX_MAGIC);
 	r = VRT_CollectStrands(ctx, s);
 	if (r != NULL && *r != '\0')
-		WS_Assert_Allocated(ctx->ws, r, strlen(r) + 1);
+		AN(WS_Allocated(ctx->ws, r, strlen(r) + 1));
 	return (r);
 }
 
@@ -813,7 +813,7 @@ xyzzy_sethdr(VRT_CTX, VCL_HEADER hdr, VCL_STRANDS s)
 			VSLb(ctx->vsl, SLT_LostHeader, "%s", hdr->what + 1);
 		} else {
 			if (*b != '\0')
-				WS_Assert_Allocated(hp->ws, b, strlen(b) + 1);
+				AN(WS_Allocated(hp->ws, b, strlen(b) + 1));
 			http_Unset(hp, hdr->what);
 			http_SetHeader(hp, b);
 		}
diff --git a/vmod/vmod_debug_obj.c b/vmod/vmod_debug_obj.c
index ac3bab0d1..94331f047 100644
--- a/vmod/vmod_debug_obj.c
+++ b/vmod/vmod_debug_obj.c
@@ -267,7 +267,7 @@ xyzzy_obj_test_priv_top(VRT_CTX, struct xyzzy_debug_obj *o, VCL_STRING s)
 	ws = req->ws;
 
 	/* copy to top req's workspace if need to */
-	if (ctx->ws != ws && WS_Inside(ctx->ws, s, NULL))
+	if (ctx->ws != ws && WS_Allocated(ctx->ws, s, -1))
 		s = WS_Copy(ws, s, -1);
 
 	if (p == NULL || s == NULL) {

More information about the varnish-commit mailing list