From phk at critter.freebsd.dk Tue May 4 14:27:47 2010 
From: phk at critter.freebsd.dk (Poul-Henning Kamp)
Date: Tue, 04 May 2010 14:27:47 +0000
Subject: HEADS-UP: Bug in Varnish 2.1.1 may append junk to objects
Message-ID: <34013.1272983267@critter.freebsd.dk>

Thanks to Audun Ytterdal, I just fixed a really boneheaded bug I introduced in Varnish 2.1.1.

This will warrant a 2.1.2 release, but because that typically takes a week or so, I am sending this heads-up to the varnish-announce list, so those of you who are affected can take evasive action in the meantime.

If your backend sends chunked encoding (typically only CGI processing) and delivers objects larger than 128k, you may hit this bug.

To fix this for good, you can apply the one-line patch attached to the commit message below.

As a workaround, you can increase the "fetch_chunksize" parameter to be bigger than any object your backend may deliver with chunked encoding. Be aware that this will affect storage usage negatively.

Telling your backend to not use chunked encoding (if possible) is also a water-tight workaround.

My apologies,

Poul-Henning

------------------------------------------------------------------------

Author: phk
Date: 2010-05-04 16:19:05 +0200 (Tue, 04 May 2010)
New Revision: 4758

Added:
   trunk/varnish-cache/bin/varnishtest/tests/r00694.vtc
Modified:
   trunk/varnish-cache/bin/varnishd/cache_response.c
Log:
Fix one of those "nothing can possibly go wrong" bugs that are so typical of "let's just try to get this into the release" features.

The recent addition of experimental Range: header support broke a corner case in normal content delivery.

If an object was delivered from the backend using chunked encoding, and was larger than the storage segment size (default: 128k) this bug may bite.

The effect of the bug is that up to a storage segment's worth of junk may be appended to the transmitted object.
This is mostly harmless, because the Content-Length header will make the browser do the right thing, but certain load-balancers will go cross-eyed and act really weird at the TCP level, spewing interesting RST packets to the client.

This bug is only in 2.1.1, not in 2.1.0.

Fixes: #694
Isolated by: ay
Fool who did this: phk

Modified: trunk/varnish-cache/bin/varnishd/cache_response.c =================================================================== --- trunk/varnish-cache/bin/varnishd/cache_response.c 2010-05-04 13:56:00 UTC (rev 4757) +++ trunk/varnish-cache/bin/varnishd/cache_response.c 2010-05-04 14:19:05 UTC (rev 4758) @@ -325,7 +325,7 @@ } if (ptr + len > high) /* Chop tail of segment off */ - len = 1 + high - low; + len = 1 + high - ptr; ptr += len;

From tfheen at varnish-software.com Wed May 5 09:37:42 2010
From: tfheen at varnish-software.com (Tollef Fog Heen)
Date: Wed, 05 May 2010 11:37:42 +0200
Subject: Varnish 2.1.2 released
Message-ID: <871vdqbsex.fsf@qurzaw.linpro.no>

Hot on the heels of 2.1.1, Varnish 2.1.2 is now released. It fixes a regression introduced with Range support which was added in 2.1.1 whereby large objects would get junk appended to them. This would not show up in browsers due to the Content-Length header, but confused at least some load balancers, leading to very strange errors.

The release can be downloaded from Sourceforge, as usual:

http://sourceforge.net/projects/varnish/

-- 
Tollef Fog Heen, on behalf of the Varnish development team
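
Review bot: In the cache_response.c hunk at @@ -325,7 +325,7 @@ of revision 4758, the new "len = 1 + high - ptr;" is only safe if ptr <= high holds when the chop runs, and nothing in the visible context shows that guarantee. If ptr can already be past high here, the expression yields zero or a negative length (or wraps if len is unsigned) immediately before "ptr += len;", so an assertion or an explicit check on ptr <= high ahead of the chop would be worth adding. The "1 +" also implies that high is an inclusive offset, while the guard "ptr + len > high" is also true for a segment that ends exactly on high; the clamp is a no-op in that case, but a short comment stating that high is inclusive would spare the next reader from working that out, given that the previous version of this line got the base offset wrong.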