From 3eb7a04587d235bec5a312d3eae652abd8a63a14 Mon Sep 17 00:00:00 2001 From: Martin Blix Grydeland Date: Thu, 15 Aug 2019 11:19:41 +0200 Subject: [PATCH] Be stricter on final [CR]LF parsing in http1_dissect_hdrs The end of http1_dissect_hdrs ends with skipping over the final [CR]LF that marks the end of the headers. Currently that skip is optional, that is, it is skipped if it was present. This patch adds an assert if the final [CR]LF is not found when finishing the parsing. HTTP1_Complete guarantees that it is there, if not we would not have started parsing the request or response in the first place, and if it is missing, there must be an error in the parsing leading up to it. --- bin/varnishd/http1/cache_http1_proto.c | 9 ++++----- 1 file changed, 4 insertions(+), 5 deletions(-) diff --git a/bin/varnishd/http1/cache_http1_proto.c b/bin/varnishd/http1/cache_http1_proto.c index e55555bf19..e5203a94ec 100644 --- a/bin/varnishd/http1/cache_http1_proto.c +++ b/bin/varnishd/http1/cache_http1_proto.c @@ -117,6 +117,7 @@ http1_dissect_hdrs(struct http *hp, char unsigned maxhdr) { char *q, *r; + int i; assert(p > htc->rxbuf_b); assert(p <= htc->rxbuf_e); @@ -213,8 +214,9 @@ http1_dissect_hdrs(struct http *hp, char break; } } - if (p < htc->rxbuf_e) - p += vct_skipcrlf(p); + i = vct_iscrlf(p, htc->rxbuf_e); + assert(i > 0); /* HTTP1_Complete guarantees this */ + p += i; HTC_RxPipeline(htc, p); htc->rxbuf_e = p; return (0);
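Review bot: In the second hunk, `assert(i > 0);` aborts if the final [CR]LF is not at `p`, and the only thing preventing that is an invariant established in a different function (HTTP1_Complete, per the comment and the commit message). If HTTP1_Complete and `vct_iscrlf` ever disagree about what counts as a line terminator, or the loop above leaves `p` somewhere other than the blank line, bytes received from the network reach an assert. Consider returning a non-zero error status from http1_dissect_hdrs at this point instead (the function already reports status, with `return (0)` on success). If the abort is intended as a fail-stop for a parser bug, extend the comment to say so and to name the check in HTTP1_Complete that provides the guarantee. The old `p < htc->rxbuf_e` guard is also removed, so the new code depends on `vct_iscrlf(p, htc->rxbuf_e)` handling `p == htc->rxbuf_e` without reading past the end; that is worth confirming and covering with a test case. A more descriptive name than `i` for the terminator length declared in the first hunk would make the assert easier to read.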