Skip to content

Commit 176f8a0

Browse files
committed
Avoid buffer read overflow on vcl_error and -sfile
The file stevedore may return a buffer larger than asked for when requesting storage. Due to lack of check for this condition, the code to copy the synthetic error memory buffer from vcl_error would overrun the buffer. Patch by @shamger Fixes: #2429
1 parent b5593e2 commit 176f8a0

File tree

1 file changed

+2
-0
lines changed

1 file changed

+2
-0
lines changed

Diff for: bin/varnishd/cache/cache_fetch.c

+2
Original file line numberDiff line numberDiff line change
@@ -899,6 +899,8 @@ vbf_stp_error(struct worker *wrk, struct busyobj *bo)
899899
l = ll;
900900
if (VFP_GetStorage(bo->vfc, &l, &ptr) != VFP_OK)
901901
break;
902+
if (l > ll)
903+
l = ll;
902904
memcpy(ptr, VSB_data(synth_body) + o, l);
903905
VFP_Extend(bo->vfc, l);
904906
ll -= l;

0 commit comments

Comments
 (0)