rpms/varnish
7
0
Fork 0
Code Issues Pull Requests Releases Activity

- Changed default mask for varnish log dir to 700, closing #915413

Browse Source 
- Added a patch for CVE-2013-4484 from upstream, closing #1025128
This commit is contained in:
Ingvar Hagelund 2013-11-21 04:05:48 +01:00
parent e89334aea9
commit c9bb450be8
2 changed files with 120 additions and 2 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

112
varnish-3.0.4.fix_CVE-2013-4484.patch Normal file
View File

@ -0,0 +1,112 @@
diff -Naur ../varnish-3.0.4.orig/bin/varnishd/cache_center.c ./bin/varnishd/cache_center.c
--- ../varnish-3.0.4.orig/bin/varnishd/cache_center.c 2013-06-14 10:39:31.000000000 +0200
+++ ./bin/varnishd/cache_center.c 2013-11-21 00:48:00.486460486 +0100
@@ -1471,9 +1471,12 @@
static int
cnt_start(struct sess *sp)
{
- uint16_t done;
+ uint16_t err_code;
char *p;
- const char *r = "HTTP/1.1 100 Continue\r\n\r\n";
+ const char *r_100 = "HTTP/1.1 100 Continue\r\n\r\n";
+ const char *r_400 = "HTTP/1.1 400 Bad Request\r\n\r\n";
+ const char *r_413 = "HTTP/1.1 413 Request Entity Too Large\r\n\r\n";
+ const char *r_417 = "HTTP/1.1 417 Expectation Failed\r\n\r\n";
CHECK_OBJ_NOTNULL(sp, SESS_MAGIC);
AZ(sp->restarts);
@@ -1496,10 +1499,14 @@
sp->wrk->vcl = NULL;
http_Setup(sp->http, sp->ws);
- done = http_DissectRequest(sp);
+ err_code = http_DissectRequest(sp);
/* If we could not even parse the request, just close */
- if (done == 400) {
+ if (err_code == 400)
+ (void)write(sp->fd, r_400, strlen(r_400));
+ else if (err_code == 413)
+ (void)write(sp->fd, r_413, strlen(r_413));
+ if (err_code != 0) {
sp->step = STP_DONE;
vca_close_session(sp, "junk");
return (0);
@@ -1511,12 +1518,6 @@
/* Catch original request, before modification */
HTTP_Copy(sp->http0, sp->http);
- if (done != 0) {
- sp->err_code = done;
- sp->step = STP_ERROR;
- return (0);
- }
-
sp->doclose = http_DoConnection(sp->http);
/* XXX: Handle TRACE & OPTIONS of Max-Forwards = 0 */
@@ -1526,13 +1527,14 @@
*/
if (http_GetHdr(sp->http, H_Expect, &p)) {
if (strcasecmp(p, "100-continue")) {
- sp->err_code = 417;
- sp->step = STP_ERROR;
+ (void)write(sp->fd, r_417, strlen(r_417));
+ sp->step = STP_DONE;
+ vca_close_session(sp, "junk");
return (0);
}
/* XXX: Don't bother with write failures for now */
- (void)write(sp->fd, r, strlen(r));
+ (void)write(sp->fd, r_100, strlen(r_100));
/* XXX: When we do ESI includes, this is not removed
* XXX: because we use http0 as our basis. Believed
* XXX: safe, but potentially confusing.
diff -Naur ../varnish-3.0.4.orig/bin/varnishd/cache_http.c ./bin/varnishd/cache_http.c
--- ../varnish-3.0.4.orig/bin/varnishd/cache_http.c 2013-06-14 10:39:31.000000000 +0200
+++ ./bin/varnishd/cache_http.c 2013-11-21 00:48:00.486460486 +0100
@@ -601,7 +601,7 @@
hp->hd[h2].e = p;
if (!Tlen(hp->hd[h2]))
- return (413);
+ return (400);
/* Skip SP */
for (; vct_issp(*p); p++) {
diff -Naur ../varnish-3.0.4.orig/bin/varnishtest/tests/r01367.vtc ./bin/varnishtest/tests/r01367.vtc
--- ../varnish-3.0.4.orig/bin/varnishtest/tests/r01367.vtc 1970-01-01 01:00:00.000000000 +0100
+++ ./bin/varnishtest/tests/r01367.vtc 2013-11-21 00:48:00.486460486 +0100
@@ -0,0 +1,30 @@
+varnishtest "blank GET"
+
+server s1 {
+ rxreq
+ txresp
+} -start
+
+varnish v1 -vcl+backend {
+ sub vcl_error {
+ return (restart);
+ }
+} -start
+
+client c1 {
+ send "GET \nHost: example.com\n\n"
+ rxresp
+ expect resp.status == 400
+} -run
+
+client c1 {
+ txreq -hdr "Expect: Santa-Claus"
+ rxresp
+ expect resp.status == 417
+} -run
+
+client c1 {
+ txreq
+ rxresp
+ expect resp.status == 200
+} -run

10
varnish.spec
View File

@ -3,7 +3,7 @@
Summary: High-performance HTTP accelerator Summary: High-performance HTTP accelerator
Name: varnish Name: varnish
Version: 3.0.4 Version: 3.0.4
Release: 1%{?dist} Release: 2%{?dist}
License: BSD License: BSD
Group: System Environment/Daemons Group: System Environment/Daemons
URL: http://www.varnish-cache.org/ URL: http://www.varnish-cache.org/
@ -13,6 +13,7 @@ Source2: varnish.params
Source3: varnishncsa.service Source3: varnishncsa.service
Source4: varnishlog.service Source4: varnishlog.service
Patch2: varnish.fix_ppc64_upstream_bug_1194.patch Patch2: varnish.fix_ppc64_upstream_bug_1194.patch
Patch3: varnish-3.0.4.fix_CVE-2013-4484.patch
BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) BuildRoot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
# To build from git, start with a make dist, see redhat/README.redhat # To build from git, start with a make dist, see redhat/README.redhat
# You will need at least automake autoconf libtool python-docutils # You will need at least automake autoconf libtool python-docutils
@ -90,6 +91,7 @@ Documentation files for %name
#%setup -q -n varnish-cache #%setup -q -n varnish-cache
%patch2 %patch2
%patch3
mkdir examples mkdir examples
cp bin/varnishd/default.vcl etc/zope-plone.vcl examples cp bin/varnishd/default.vcl etc/zope-plone.vcl examples
@ -177,7 +179,7 @@ rm -rf %{buildroot}
%{_sbindir}/* %{_sbindir}/*
%{_bindir}/* %{_bindir}/*
%{_var}/lib/varnish %{_var}/lib/varnish
%{_var}/log/varnish %attr(0700,root,root) %dir %{_var}/log/varnish
%{_mandir}/man1/*.1* %{_mandir}/man1/*.1*
%{_mandir}/man3/*.3* %{_mandir}/man3/*.3*
%{_mandir}/man7/*.7* %{_mandir}/man7/*.7*
@ -306,6 +308,10 @@ fi
%endif %endif
%changelog %changelog
* Thu Nov 21 2013 Ingvar Hagelund <ingvar@redpill-linpro.com> 3.0.4-2
- Changed default mask for varnish log dir to 700, closing #915413
- Added a patch for CVE-2013-4484 from upstream, closing #1025128
* Mon Aug 12 2013 Ingvar Hagelund <ingvar@redpill-linpro.com> 3.0.4-1 * Mon Aug 12 2013 Ingvar Hagelund <ingvar@redpill-linpro.com> 3.0.4-1
- New upstream release - New upstream release
- Added libedit-devel to the build reqs - Added libedit-devel to the build reqs