Accepting request 220760 from server:http

- Updated to 3.0.5

OBS-URL: https://build.opensuse.org/request/show/220760
OBS-URL: https://build.opensuse.org/package/show/openSUSE:Factory/varnish?expand=0&rev=13
This commit is contained in:
Tomáš Chvátal 2014-02-07 10:56:17 +00:00 committed by Git OBS Bridge
commit cf376d0e54
6 changed files with 21 additions and 172 deletions

View File

@ -1,136 +0,0 @@
From 4bd5b7991bf602a6c46dd0d65fc04d4b8d9667a6 Mon Sep 17 00:00:00 2001
From: Martin Blix Grydeland <martin@varnish-software.com>
Date: Wed, 30 Oct 2013 13:48:20 +0100
Subject: [PATCH] Make up our mind: Any req.* we receive from the client with
fundamental trouble gets failed back without VCL involvement.
References: https://www.varnish-cache.org/trac/ticket/1367
References: CVE-2013-4484
References: https://bugzilla.novell.com/show_bug.cgi?id=848451
Fixes #1367
---
bin/varnishd/cache_center.c | 28 +++++++++++++++-------------
bin/varnishd/cache_http.c | 2 +-
bin/varnishtest/tests/r01367.vtc | 30 ++++++++++++++++++++++++++++++
3 files changed, 46 insertions(+), 14 deletions(-)
create mode 100644 bin/varnishtest/tests/r01367.vtc
diff --git a/bin/varnishd/cache_center.c b/bin/varnishd/cache_center.c
index 19eb2ce..fdf7cee 100644
--- a/bin/varnishd/cache_center.c
+++ b/bin/varnishd/cache_center.c
@@ -1474,9 +1474,12 @@ DOT start -> recv [style=bold,color=green]
static int
cnt_start(struct sess *sp)
{
- uint16_t done;
+ uint16_t err_code;
char *p;
- const char *r = "HTTP/1.1 100 Continue\r\n\r\n";
+ const char *r_100 = "HTTP/1.1 100 Continue\r\n\r\n";
+ const char *r_400 = "HTTP/1.1 400 Bad Request\r\n\r\n";
+ const char *r_413 = "HTTP/1.1 413 Request Entity Too Large\r\n\r\n";
+ const char *r_417 = "HTTP/1.1 417 Expectation Failed\r\n\r\n";
CHECK_OBJ_NOTNULL(sp, SESS_MAGIC);
AZ(sp->restarts);
@@ -1499,10 +1502,14 @@ cnt_start(struct sess *sp)
sp->wrk->vcl = NULL;
http_Setup(sp->http, sp->ws);
- done = http_DissectRequest(sp);
+ err_code = http_DissectRequest(sp);
/* If we could not even parse the request, just close */
- if (done == 400) {
+ if (err_code == 400)
+ (void)write(sp->fd, r_400, strlen(r_400));
+ else if (err_code == 413)
+ (void)write(sp->fd, r_413, strlen(r_413));
+ if (err_code != 0) {
sp->step = STP_DONE;
vca_close_session(sp, "junk");
return (0);
@@ -1514,12 +1521,6 @@ cnt_start(struct sess *sp)
/* Catch original request, before modification */
HTTP_Copy(sp->http0, sp->http);
- if (done != 0) {
- sp->err_code = done;
- sp->step = STP_ERROR;
- return (0);
- }
-
sp->doclose = http_DoConnection(sp->http);
/* XXX: Handle TRACE & OPTIONS of Max-Forwards = 0 */
@@ -1529,13 +1530,14 @@ cnt_start(struct sess *sp)
*/
if (http_GetHdr(sp->http, H_Expect, &p)) {
if (strcasecmp(p, "100-continue")) {
- sp->err_code = 417;
- sp->step = STP_ERROR;
+ (void)write(sp->fd, r_417, strlen(r_417));
+ sp->step = STP_DONE;
+ vca_close_session(sp, "junk");
return (0);
}
/* XXX: Don't bother with write failures for now */
- (void)write(sp->fd, r, strlen(r));
+ (void)write(sp->fd, r_100, strlen(r_100));
/* XXX: When we do ESI includes, this is not removed
* XXX: because we use http0 as our basis. Believed
* XXX: safe, but potentially confusing.
diff --git a/bin/varnishd/cache_http.c b/bin/varnishd/cache_http.c
index 8753acc..605975b 100644
--- a/bin/varnishd/cache_http.c
+++ b/bin/varnishd/cache_http.c
@@ -601,7 +601,7 @@ http_splitline(struct worker *w, int fd, struct http *hp,
hp->hd[h2].e = p;
if (!Tlen(hp->hd[h2]))
- return (413);
+ return (400);
/* Skip SP */
for (; vct_issp(*p); p++) {
diff --git a/bin/varnishtest/tests/r01367.vtc b/bin/varnishtest/tests/r01367.vtc
new file mode 100644
index 0000000..e1de20a
--- /dev/null
+++ b/bin/varnishtest/tests/r01367.vtc
@@ -0,0 +1,30 @@
+varnishtest "blank GET"
+
+server s1 {
+ rxreq
+ txresp
+} -start
+
+varnish v1 -vcl+backend {
+ sub vcl_error {
+ return (restart);
+ }
+} -start
+
+client c1 {
+ send "GET \nHost: example.com\n\n"
+ rxresp
+ expect resp.status == 400
+} -run
+
+client c1 {
+ txreq -hdr "Expect: Santa-Claus"
+ rxresp
+ expect resp.status == 417
+} -run
+
+client c1 {
+ txreq
+ rxresp
+ expect resp.status == 200
+} -run
--
1.8.2

View File

@ -1,3 +0,0 @@
version https://git-lfs.github.com/spec/v1
oid sha256:e5ca91011229ca8d225aa1080dd827041b8121436d8dcddef507b95305533741
size 1152008

3
varnish-3.0.5.tar.gz Normal file
View File

@ -0,0 +1,3 @@
version https://git-lfs.github.com/spec/v1
oid sha256:302fd6afc771524ca3912f5d945ab197a55762385c012b2054df7d86bf7ae2b7
size 2116664

View File

@ -1,27 +0,0 @@
From: Piotr Jankowski <piotr.jankowski@nsn.com>
Date: 2013-09-10 10:55:57 CEST
References: http://bugzilla.novell.com/show_bug.cgi?id=839358
References: https://www.varnish-cache.org/trac/ticket/1191
"The JIT compiler is broken on some versions of PCRE, at least on
i386, so disable it by default."
---
lib/libvarnish/vre.c | 3 +--
1 file changed, 1 insertion(+), 2 deletions(-)
Index: varnish-3.0.3/lib/libvarnish/vre.c
===================================================================
--- varnish-3.0.3.orig/lib/libvarnish/vre.c
+++ varnish-3.0.3/lib/libvarnish/vre.c
@@ -40,9 +40,8 @@ struct vre {
pcre_extra *re_extra;
};
-#ifndef PCRE_STUDY_JIT_COMPILE
+#undef PCRE_STUDY_JIT_COMPILE
#define PCRE_STUDY_JIT_COMPILE 0
-#endif
/*
* We don't want to spread or even expose the majority of PCRE options

View File

@ -1,3 +1,18 @@
-------------------------------------------------------------------
Fri Jan 3 10:57:19 UTC 2014 - danimo@owncloud.com
- Updated to 3.0.5, contains fix for CVE-2013-4484
* A bad interaction between -b, -c and -m in the varnishlog tool
has been fixed.
* A malformed request could in some configurations lead to Varnish
crashing has been corrected. (CVE-2013-4484)
* Duplicate Content-Length headers were in some cases sent to
clients when streaming is enabled, this has been fixed.
* ESI parse errors are no longer printed to standard output.
* Stop segfaulting if the first part of a synthetic page is NULL.
- Remove 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch
and varnish-disable-pcrejit.diff (merged upstream)
-------------------------------------------------------------------
Fri Nov 1 18:52:49 UTC 2013 - jengelh@inai.de

View File

@ -17,7 +17,7 @@
Name: varnish
%define library_name libvarnishapi1
Version: 3.0.3
Version: 3.0.5
Release: 0
Summary: Varnish is a high-performance HTTP accelerator
License: BSD-2-Clause
@ -27,7 +27,7 @@ URL: http://varnish-cache.org/
#Git-Clone: git://git.varnish-cache.org/varnish-cache
#Git-Web: https://varnish-cache.org/trac/browser
#DL-URL: http://downloads.sf.net/varnish/%name-%version.tar.bz2
Source: %name-%version.tar.xz
Source: %name-%version.tar.gz
Source2: varnish.init
Source3: varnish.sysconfig
Source4: vcl.conf
@ -35,11 +35,9 @@ Source5: varnish.logrotate
Source6: varnishlog.init
Source7: varnish.service
Source8: varnishlog.service
Patch1: varnish-disable-pcrejit.diff
Patch2: 0001-Make-up-our-mind-Any-req.-we-receive-from-the-client.patch
BuildRoot: %_tmppath/%name-%version-build
BuildRequires: libxslt, ncurses-devel, pcre-devel
BuildRequires: libxslt, ncurses-devel, pcre-devel, readline-devel
BuildRequires: pkgconfig, xz
Prereq(post): %_sbindir/useradd %_sbindir/groupadd
%if 0%{?suse_version} >= 1010
@ -99,7 +97,6 @@ This package holds the development files for varnish.
%prep
%setup -q
%patch -P 1 -P 2 -p1
%build
export CFLAGS="%optflags -fstack-protector"