\u30d0\u30b0\u30d5\u30a3\u30c3\u30af\u30b9<\/h3>\n
\u25a0CVE-2013-4090<\/a> \u7279\u5b9a\u6761\u4ef6\u3067ACL\u3067\u60f3\u5b9a\u5916\u306e\u30de\u30c3\u30c1\u30fb\u30de\u30c3\u30c1\u6f0f\u308c\u304c\u8d77\u3053\u308b<\/b> C\u306b\u5909\u63db\u3057\u305f\u30b3\u30fc\u30c9(3.0.3)<\/p>\n C\u306b\u5909\u63db\u3057\u305f\u30b3\u30fc\u30c9(3.0.4)<\/p>\n \u5f71\u97ff\u3092\u53d7\u3051\u308b\u304b\u306e\u78ba\u8a8d\u306fVCL\u3092C\u3067\u51fa\u3057\u3066\u307f\u3066 \u25a0ESI\u5229\u7528\u6642\u306b\u30d0\u30c3\u30af\u30a8\u30f3\u30c9\u304c\u7121\u52b9\u306agzip\u3092\u9001\u4fe1\u3057\u305f\u5834\u5408\u306b\u304a\u3044\u3066\u30a8\u30e9\u30fc\u3092\u8d77\u3053\u3059\u53ef\u80fd\u6027\u304c\u3042\u3063\u305f<\/b> \u25a0\u30d0\u30c3\u30af\u30a8\u30f3\u30c9\u540d\u304c\u9577\u3044\u3068Assert\u3067\u5b50\u30d7\u30ed\u30bb\u30b9\u304c\u843d\u3061\u308b<\/b> \u30d0\u30b0\u4fee\u6b63\u306f\u4ed6\u306b\u3082\u3042\u308a\u307e\u3059\u304c\u500b\u4eba\u7684\u306b\u6c17\u306b\u306a\u3063\u305f\u306e\u3092\u30d4\u30c3\u30af\u30a2\u30c3\u30d7\u3057\u307e\u3057\u305f<\/p>\n \u25a0varnishncsa\u306e\u30d5\u30a9\u30fc\u30de\u30c3\u30c8\u3067%D,%T\u3092\u30b5\u30dd\u30fc\u30c8\u3057\u307e\u3057\u305f<\/b> \u25a0TCP_NODELAY\u3092\u6709\u52b9\u306b\u3057\u307e\u3057\u305f(Nagle\u3092Off\u306b\u3057\u305f)<\/b> \u25a0\u8907\u6570\u306eHost\u30d8\u30c3\u30c0\u3092\u9001\u3089\u308c\u3066\u304d\u305f\u5834\u5408\u306f\u30a8\u30e9\u30fc\u3068\u3059\u308b<\/b> \u25a0\u30c9\u30ad\u30e5\u30e1\u30f3\u30c8\u304c\u6539\u5584\u3055\u308c\u307e\u3057\u305f<\/b> #vug7\u306e\u8a18\u4e8b\u66f8\u304f\u524d\u306b\u3053\u3063\u3061\u306e\u8a18\u4e8b\u3092\u66f8\u304f\u3053\u3068\u306b\u306a\u308b\u3068\u306f\u30fb\u30fb\u30fb\uff08\u4e0b\u66f8\u304d\u306b\u306f\u3042\u308b\u3093\u3067\u3059\u304c\u306d\uff09<\/p>\n Varnish3.0.4\u304c\u516c\u958b\u3055\u308c\u307e\u3057\u305f\u3002 \u4eca\u56de\u306f\u307b\u3068\u3093\u3069BugFix\u3067\u3059\u304c\u3001\u3044\u304f\u3064\u304b\u306e\u6a5f\u80fd\u6539\u5584\u304c\u3042\u308a\u307e\u3059\u3002 \u516c\u5f0f\u30ea\u30ea\u30fc\u30b9\u30ce\u30fc\u30c8(3.0.4) \u30d0\u30b0\u30d5\u30a3\u30c3\u30af\u30b9 \u25a0CVE-2013-4090 \u7279\u5b9a\u6761\u4ef6\u3067ACL\u3067\u60f3\u5b9a\u5916\u306e\u30de\u30c3 […]<\/a><\/p>\n","protected":false},"author":2,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[3],"tags":[5,47,32],"class_list":["post-1415","post","type-post","status-publish","format-standard","hentry","category-3","tag-varnish","tag-varnish3-0-4","tag-32","category-3-id","post-seq-1","post-parity-odd","meta-position-corners","fix"],"_links":{"self":[{"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/posts\/1415","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/users\/2"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=1415"}],"version-history":[{"count":26,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/posts\/1415\/revisions"}],"predecessor-version":[{"id":1442,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=\/wp\/v2\/posts\/1415\/revisions\/1442"}],"wp:attachment":[{"href":"https:\/\/blog.xcir.net\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=1415"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=1415"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.xcir.net\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=1415"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}
\n#1312<\/a>
\n\u5bfe\u8c61\u306f3.0.3\u307e\u3067\u306e\u5168\u3066\u306e\u30d0\u30fc\u30b8\u30e7\u30f3\u3067\u3059
\n\u5f15\u3063\u304b\u304b\u308b\u6761\u4ef6\u306f\u4ee5\u4e0b\u3060\u3068\u601d\u3044\u307e\u3059
\n\u30fbCIDR\u5f62\u5f0f\u306e\u5b9a\u7fa9\u304c\u5b58\u5728(\/8,\/16,\/24\u3092\u9664\u304f)
\n\u30fb\u5358\u4e00\u306eIP\u30a2\u30c9\u30ec\u30b9\u3092\u6307\u5b9a\u3057\u3066\u3044\u308b
\n\u30fb\u305d\u306e\u5b9a\u7fa9\u7bc4\u56f2\u304c\u91cd\u8907\u3057\u3066\u3044\u308b
\n\u3053\u3093\u306a\u611f\u3058\u3067\u3059
\nVCL\u30b3\u30fc\u30c9<\/p>\n\n\r\nacl foo {\r\n "127.0.0.2";\r\n "127.0.0.0"\/19; \/\/(127.0.0.1 ~ 127.0.31.254\u3067127.0.0.2\u3092\u542b\u3080)\r\n}\r\n\n<\/pre>\n\n\r\nstatic int\r\nmatch_acl_named_foo(const struct sess *sp, const void *p)\r\n{\r\n const unsigned char *a;\r\n unsigned short fam;\r\n\r\n a = p;\r\n VRT_memmove(&amp;fam, a + 0, sizeof fam);\r\n if (fam == 2)\r\n a += 4;\r\n else if (fam == 10)\r\n a += 8;\r\n else {\r\n VRT_acl_log(sp, "NO_FAM foo");\r\n return(0);\r\n }\r\n\r\n if (fam == 2) {\r\n if (a[0] == 127) {\r\n if (a[1] == 0) {\r\n if (a[2] == 0) {\/\/\u3053\u3053\u3067\u672c\u6765\u30de\u30c3\u30c1\u3057\u306a\u304f\u3066\u306f\u884c\u3051\u306a\u3044127.0.1\uff5e127.0.31\u304c\u6392\u9664\u3055\u308c\u308b\r\n if (a[3] == 2) {\r\n VRT_acl_log(sp, "MATCH foo " "127.0.0.2");\r\n return (1);\r\n }\r\n VRT_acl_log(sp, "MATCH foo " "127.0.0.0" "\/19" );\r\n return (1);\r\n }\r\n }\r\n }\r\n }\r\n VRT_acl_log(sp, "NO_MATCH foo");\r\n return (0);\r\n}\r\n\n<\/pre>\n\n\r\nstatic int\r\nmatch_acl_named_foo(const struct sess *sp, const void *p)\r\n{\r\n const unsigned char *a;\r\n unsigned short fam;\r\n\r\n a = p;\r\n VRT_memmove(&amp;fam, a + 0, sizeof fam);\r\n if (fam == 2)\r\n a += 4;\r\n else if (fam == 10)\r\n a += 8;\r\n else {\r\n VRT_acl_log(sp, "NO_FAM foo");\r\n return(0);\r\n }\r\n\r\n if (fam == 2) {\r\n if (a[0] == 127) {\r\n if (a[1] == 0) {\r\n if (a[2] == 0) {\r\n if (a[3] == 2) {\r\n VRT_acl_log(sp, "MATCH foo " "127.0.0.2");\r\n return (1);\r\n }\r\n }\r\n if ((a[2] &amp; 0xe0) == 0) {\r\n VRT_acl_log(sp, "MATCH foo " "127.0.0.0" "\/19" );\r\n return (1);\r\n }\r\n }\r\n }\r\n }\r\n VRT_acl_log(sp, "NO_MATCH foo");\r\n return (0);\r\n}\r\n\n<\/pre>\n
\n\u8a72\u5f53\u306eACL\u30de\u30c3\u30c1\u95a2\u6570(match_acl_named_[ACL\u540d])\u3092\u898b\u305f\u307b\u3046\u304c\u826f\u3044\u304b\u3068\u601d\u3044\u307e\u3059\u3002<\/p>\n
\n#1184<\/a><\/p>\n
\n#1224<\/a><\/p>\n\u30c4\u30fc\u30eb\u6539\u5584<\/h3>\n
\n\u25a0varnishadm\u3067tab\u3092\u6253\u3064\u3068\u5019\u88dc\u304c\u51fa\u308b\u3088\u3046\u306b\u306a\u308a\u307e\u3057\u305f<\/b><\/p>\n\u30d1\u30d5\u30a9\u30fc\u30de\u30f3\u30b9\u7cfb<\/h3>\n
\nchunk\u306e\u6642\u52b9\u3044\u3066\u304d\u305d\u3046\u3067\u3059\u3002<\/p>\n\u305d\u306e\u4ed6<\/h3>\n
\n\u5373\u5207\u65ad\u3055\u308c\u307e\u3059\u306e\u3067vcl_recv\u306f\u547c\u3070\u308c\u307e\u305b\u3093(\u58ca\u308c\u305f\u30bb\u30c3\u30b7\u30e7\u30f3\u6271\u3044\u3067\u3059)<\/p>\n\n\r\nTrying 127.0.0.1...\r\nConnected to localhost.\r\nEscape character is '^]'.\r\nGET \/test HTTP\/1.0\r\nHost: exmple.jp\r\nHost: exmple.jp\r\n\r\nConnection closed by foreign host.\r\n\r\nvarnishncsa\u30ed\u30b0\r\n\u2605\u30db\u30b9\u30c8\u30d8\u30c3\u30c01\u3064\r\n127.0.0.1 - - [18\/Jun\/2013:22:42:40 +0900] "GET http:\/\/exmple.jp\/test HTTP\/1.0" 404 287 "-" "-"\r\n\u2605\u30db\u30b9\u30c8\u30d8\u30c3\u30c0\u8907\u6570\r\n127.0.0.1 - - [18\/Jun\/2013:22:42:44 +0900] "GET http:\/\/exmple.jp\/test HTTP\/1.0" - "-" "-"\r\n\n<\/pre>\n
\n\u25a0ABI\u5909\u308f\u3063\u3066\u308b\u306e\u3067vmod\u306e\u30ea\u30b3\u30f3\u30d1\u30a4\u30eb\u304c\u5fc5\u8981<\/b><\/p>\n
<\/a><\/div> <\/a><\/div>
<\/a><\/div> 
<\/a><\/div>
\n","protected":false},"excerpt":{"rendered":"