[squid-dev] [PATCH] VIA creation code duplication

Amos Jeffries squid3 at treenet.co.nz
Tue Feb 14 01:22:19 UTC 2017


On 14/02/2017 2:06 a.m., Eduard Bagdasaryan wrote:
> I see that String::append asserts when String is unable to "grow":
> String has hardcoded ~64Kb limit for that. It is hardly possible since
> most of web servers have header length limit less than this value.
> Theoretically a buggy upstream server could generate such huge Via.
> However any other header may assert as well, since HttpHeaderEntry
> stores its value in String. Why do you think we should care only about
> Via header overflow?

I dont think Via is the only one. We had issues with Vary last year. But
sice this patch is dealign with Via we should not add the extra risk.

The problem is with proxy where the admin has configured large headers
to be allowed, and receives a Via just under the 6KB liit. Our append
pushing it over by even one byte would assert. The older bbuf code
cropping at 1KB was nasty but would not crash Squid.

Amos


More information about the squid-dev mailing list