[master] c8bb41504 ban: Require valid header variables

Dridi Boukelmoune dridi.boukelmoune at gmail.com
Wed Aug 16 15:18:06 UTC 2023


commit c8bb415047cb6edeb3ba89391c83f77f93809ee1
Author: Walid Boudebouda <walid.boudebouda at gmail.com>
Date:   Tue Aug 8 14:51:41 2023 +0200

    ban: Require valid header variables
    
    We must ensure that we get a complete header name before evaluating
    a ban, so "req.http." should not be accepted.
    
    Refs #3962

diff --git a/bin/varnishd/cache/cache_ban_build.c b/bin/varnishd/cache/cache_ban_build.c
index e9a699674..bab9ac79a 100644
--- a/bin/varnishd/cache/cache_ban_build.c
+++ b/bin/varnishd/cache/cache_ban_build.c
@@ -260,6 +260,9 @@ BAN_AddTest(struct ban_proto *bp,
 
 	VSB_putc(bp->vsb, pv->tag);
 	if (pv->flag & BANS_FLAG_HTTP) {
+		if (strlen(a1 + strlen(pv->name)) < 1)
+			return (ban_error(bp,
+			    "Missing header name: \"%s\"", pv->name));
 		assert(BANS_HAS_ARG1_SPEC(pv->tag));
 		ban_parse_http(bp, a1 + strlen(pv->name));
 	}
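Review bot: The new check in the BANS_FLAG_HTTP branch only rejects an empty remainder after pv->name, while the subject line promises "valid header variables"; nothing in this hunk validates a non-empty name before it reaches ban_parse_http(). If an empty name is the only case meant to be rejected here, a short comment above the check should say so. The expression a1 + strlen(pv->name) is now computed in two places, so a local pointer for the header-name tail would make it obvious that the check and ban_parse_http() operate on the same bytes, and the test itself could then be a simple comparison of its first byte against '\0' instead of a second strlen().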
diff --git a/bin/varnishtest/tests/r03962.vtc b/bin/varnishtest/tests/r03962.vtc
index 2874353a4..f92d0257a 100644
--- a/bin/varnishtest/tests/r03962.vtc
+++ b/bin/varnishtest/tests/r03962.vtc
@@ -10,4 +10,5 @@ varnish v1 -cliexpect {Unknown or unsupported field "obj.ageYY"} "ban obj.ageYY
 varnish v1 -cliexpect {Unknown or unsupported field "req.ur"} "ban req.ur ~ foobarbazzz"
 varnish v1 -cliexpect {Unknown or unsupported field "req.htt"} "ban req.htt ~ foobarbazzz"
 varnish v1 -cliexpect {Unknown or unsupported field "req.htt.XXYY"} "ban req.htt.XXYY ~ foobarbazzz"
+varnish v1 -cliexpect {Missing header name: "obj.http."} "ban obj.http. ~ foobarbazzz"
 varnish v1 -cliok "ban req.http.XXYY ~ foobarbazzz"
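Review bot: The added -cliexpect line covers only obj.http., while the commit message names "req.http." as the input that must not be accepted. Add the matching case, expecting {Missing header name: "req.http."} for "ban req.http. ~ foobarbazzz", so the example from the commit message is exercised next to the existing req.http.XXYY success case.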
diff --git a/doc/changes.rst b/doc/changes.rst
index 6b7746888..e16d7c22c 100644
--- a/doc/changes.rst
+++ b/doc/changes.rst
@@ -38,6 +38,10 @@ Varnish Cache NEXT (2023-09-15)
 .. PLEASE keep this roughly in commit order as shown by git-log / tig
    (new to old)
 
+* Two bugs in the ban expression parser have been fixed where one of them
+  could lead to a panic if a ban expression with an empty header name was
+  issued (3962_)
+
 * A bug has been fixed where ``unset bereq.body`` had no effect when
   used with a cached body (3914_)
 
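Review bot: The new entry opens with "Two bugs in the ban expression parser have been fixed" but describes only the panic on an empty header name, so a reader cannot tell what the second bug was. Name both fixes in the entry, or reword it to cover only what is described, so operators can judge from the changelog whether they were affected.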
@@ -87,6 +91,7 @@ Varnish Cache NEXT (2023-09-15)
 .. _3908: https://github.com/varnishcache/varnish-cache/pull/3908
 .. _3911: https://github.com/varnishcache/varnish-cache/issues/3911
 .. _3914: https://github.com/varnishcache/varnish-cache/pull/3914
+.. _3962: https://github.com/varnishcache/varnish-cache/issues/3962
 
 ================================
 Varnish Cache 7.3.0 (2023-03-15)