vcc: Restrict PRIV_TOP arguments to client tasks

Refs #3498
varnishcache · Jan 25, 2021 · 6d49b18 · 6d49b18
1 parent 5bf609b
commit 6d49b18
Show file tree

Hide file tree

Showing 3 changed files with 23 additions and 28 deletions.
diff --git a/bin/varnishtest/tests/v00043.vtc b/bin/varnishtest/tests/v00043.vtc
@@ -55,6 +55,22 @@ server s1 {
 	txresp
 } -start
 
+varnish v1 -errvcl "Not available in subroutine 'vcl_backend_fetch'" {
+	import debug;
+	backend be none;
+	sub vcl_backend_fetch {
+		debug.test_priv_top("only works on client side");
+	}
+}
+
+varnish v1 -errvcl "Not available in subroutine 'vcl_init'" {
+	import debug;
+	backend be none;
+	sub vcl_init {
+		debug.test_priv_top("only works on client side");
+	}
+}
+
 varnish v1 -cliok "param.set debug +syncvsl" -vcl+backend {
 	import debug;
 
@@ -81,22 +97,9 @@ varnish v1 -cliok "param.set debug +syncvsl" -vcl+backend {
 		set req.http.o2 = o2.test_priv_top("");
 	}
 
-	# XXX because PRIV_TOP arguments get initialized in the
-	# function preamble, the mere presence of a vmod call with a
-	# PRIV_TOP argument in a SUB will trigger the failure if that
-	# sub is called at all.
-	#
-	# So to test #3498, we need to fence test_priv_top into its
-	# own sub
-	sub callingmewill503 {
-		debug.test_priv_top("only works on client side");
-	}
-
 	sub vcl_backend_fetch {
 		if (bereq.url == "/fail") {
-			call callingmewill503;
-		}
-		if (bereq.url == "/failo") {
+			# dynamic priv not checked at compile time
 			o2.test_priv_top("only works on client side");
 		}
 	}
@@ -123,17 +126,8 @@ client c1 {
 
 varnish v1 -expect client_req == 2
 
-client c1 {
-	txreq -url /fail
-	rxresp
-	expect resp.status == 503
-} -start
-
 client c2 {
-	txreq -url /failo
+	txreq -url /fail
 	rxresp
 	expect resp.status == 503
-} -start
-
-client c1 -wait
-client c2 -wait
+} -run
diff --git a/lib/libvcc/vcc_compile.h b/lib/libvcc/vcc_compile.h
@@ -341,7 +341,7 @@ sym_expr_t vcc_Eval_Handle;
 sym_expr_t vcc_Eval_SymFunc;
 sym_expr_t vcc_Eval_TypeMethod;
 void vcc_Eval_Func(struct vcc *, const struct vjsn_val *,
-    const char *, const struct symbol *);
+    const char *, struct symbol *);
 void VCC_GlobalSymbol(struct symbol *, vcc_type_t fmt, const char *pfx);
 struct symbol *VCC_HandleSymbol(struct vcc *, vcc_type_t , const char *);
 void VCC_SymName(struct vsb *, const struct symbol *);

diff --git a/lib/libvcc/vcc_expr.c b/lib/libvcc/vcc_expr.c
@@ -351,7 +351,7 @@ vcc_Eval_Var(struct vcc *tl, struct expr **e, struct token *t,
  */
 
 static struct expr *
-vcc_priv_arg(struct vcc *tl, const char *p, const struct symbol *sym)
+vcc_priv_arg(struct vcc *tl, const char *p, struct symbol *sym)
 {
 	char buf[64];
 	struct inifin *ifp;
@@ -377,6 +377,7 @@ vcc_priv_arg(struct vcc *tl, const char *p, const struct symbol *sym)
 		marklist = &tl->curproc->priv_tasks;
 	} else if (!strcmp(p, "PRIV_TOP")) {
 		f = "top";
+		sym->r_methods &= VCL_MET_TASK_C;
 		marklist = &tl->curproc->priv_tops;
 	} else {
 		WRONG("Wrong PRIV_ type");
@@ -641,7 +642,7 @@ vcc_func(struct vcc *tl, struct expr **e, const void *priv,
 
 void
 vcc_Eval_Func(struct vcc *tl, const struct vjsn_val *spec,
-    const char *extra, const struct symbol *sym)
+    const char *extra, struct symbol *sym)
 {
 	struct expr *e = NULL;