path: root/main/squid/SQUID-2016_9.patch
blob: 188cd8e58a35b675bffd045a7e9259fa49fdd60d (plain)
------------------------------------------------------------
revno: 13237
revision-id: squid3@treenet.co.nz-20160506091244-3td2be9qbzsajxg8
parent: squid3@treenet.co.nz-20160502034253-axee4hqa4wuhlpkg
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4455
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.4
timestamp: Fri 2016-05-06 21:12:44 +1200
message:
  Bug 4455: SegFault from ESIInclude::Start
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160506091244-3td2be9qbzsajxg8
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
# testament_sha1: b9714bc153e5fd6e8fe505a6c1d8a54c88e03a77
# timestamp: 2016-05-06 09:48:43 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
# base_revision_id: squid3@treenet.co.nz-20160502034253-\
#   axee4hqa4wuhlpkg
# 
# Begin patch
=== modified file 'src/client_side_request.cc'
--- a/src/client_side_request.cc	2014-04-09 16:53:05 +0000
+++ b/src/client_side_request.cc	2016-05-06 09:12:44 +0000
@@ -163,13 +163,15 @@
     start_time = current_time;
     setConn(aConn);
     al = new AccessLogEntry;
-    al->tcpClient = clientConnection = aConn->clientConnection;
+    if (aConn) {
+        al->tcpClient = clientConnection = aConn->clientConnection;
 #if USE_SSL
-    if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
-        if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
-            al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
+        if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
+            if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
+                al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
+        }
+#endif
     }
-#endif
     dlinkAdd(this, &active, &ClientActiveRequests);
 #if USE_ADAPTATION
     request_satisfaction_mode = false;
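Review bot: The new `if (aConn)` guard protects only the dereferences inside its own block; `setConn(aConn)` two lines above still receives the possibly-null pointer, and its body is not visible here, so it is worth confirming that it tolerates NULL. When `aConn` is NULL, `al->tcpClient` and `clientConnection` are never assigned in this block, so later code that reads them has to cope with an empty connection rather than assume a client socket exists. A short comment would record the intent, e.g. `// aConn may be NULL for internally generated requests (per the bug title, ESI includes); tcpClient/clientConnection stay unset`. The constructor starts and ends outside the hunk.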

------------------------------------------------------------
revno: 13238
revision-id: squid3@treenet.co.nz-20160506094614-zyjq1i8ym2gcvwbu
parent: squid3@treenet.co.nz-20160506091244-3td2be9qbzsajxg8
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.4
timestamp: Fri 2016-05-06 21:46:14 +1200
message:
  Fix SIGSEGV in ESIContext response handling
  
  HttpReply pointer was being unlocked without having been locked,
  resulting in a double-free. Make it use RefCount instead of
  manual locking to ensure lock/unlock is always symmetrical.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160506094614-zyjq1i8ym2gcvwbu
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
# testament_sha1: 4ff01cd3aaffb8c9b20b8595d2ee0ccfcf434b3f
# timestamp: 2016-05-06 09:48:45 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
# base_revision_id: squid3@treenet.co.nz-20160506091244-\
#   3td2be9qbzsajxg8
# 
# Begin patch
=== modified file 'src/esi/Context.h'
--- a/src/esi/Context.h	2013-06-27 15:58:46 +0000
+++ b/src/esi/Context.h	2016-05-06 09:46:14 +0000
@@ -36,6 +36,7 @@
 #include "esi/Element.h"
 #include "clientStream.h"
 #include "err_type.h"
+#include "HttpReply.h"
 #include "http/StatusCode.h"
 
 class ESIVarState;
@@ -114,7 +115,7 @@
     err_type errorpage; /* if we error what page to use */
     Http::StatusCode errorstatus; /* if we error, what code to return */
     char *errormessage; /* error to pass to error page */
-    HttpReply *rep; /* buffered until we pass data downstream */
+    HttpReply::Pointer rep; /* buffered until we pass data downstream */
     ESISegment::Pointer buffered; /* unprocessed data - for whatever reason */
     ESISegment::Pointer incoming;
     /* processed data we are waiting to send, or for

=== modified file 'src/esi/Esi.cc'
--- a/src/esi/Esi.cc	2016-04-20 11:15:14 +0000
+++ b/src/esi/Esi.cc	2016-05-06 09:46:14 +0000
@@ -598,7 +598,7 @@
 
 #endif
 
-    if (!(rep || (outbound.getRaw() &&
+    if (!(rep != NULL || (outbound.getRaw() &&
                   outbound->len && (outbound_offset <= outbound->len)))) {
         debugs(86, 5, "ESIContext::send: Nothing to send.");
         return 0;
@@ -643,18 +643,18 @@
     flags.clientwantsdata = 0;
     debugs(86, 5, "ESIContext::send: this=" << this << " Client no longer wants data ");
     /* Deal with re-entrancy */
-    HttpReply *temprep = rep;
+    HttpReply::Pointer temprep = rep;
     rep = NULL; /* freed downstream */
 
-    if (temprep && varState)
-        varState->buildVary (temprep);
+    if (temprep != NULL && varState)
+        varState->buildVary(temprep.getRaw());
 
     {
         StoreIOBuffer tempBuffer;
         tempBuffer.length = len;
         tempBuffer.offset = pos - len;
         tempBuffer.data = next->readBuffer.data;
-        clientStreamCallback (thisNode, http, temprep, tempBuffer);
+        clientStreamCallback (thisNode, http, temprep.getRaw(), tempBuffer);
     }
 
     if (len == 0)
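Review bot: The `/* freed downstream */` comment kept on `rep = NULL;` no longer describes the ownership: `temprep` is now an `HttpReply::Pointer`, so it holds its own reference until it goes out of scope, and `clientStreamCallback` is handed only the raw pointer from `temprep.getRaw()`. Whether the downstream nodes take their own lock on that pointer is not visible in this hunk; if any receiver still releases it under the old hand-off convention, the count would drop once more than it was raised, which is the same class of fault this commit sets out to fix. I would reword the comment to `rep = NULL; /* temprep keeps the reply alive for this call; downstream must take its own lock */` and confirm the receivers match. The enclosing function starts and ends outside the hunk.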
@@ -1284,7 +1284,7 @@
         ++parserState.stackdepth;
     }
 
-    if (rep && !parserState.inited())
+    if (rep != NULL && !parserState.inited())
         parserState.init(this);
 
     /* we have data */
@@ -1423,7 +1423,7 @@
 {
     debugs(86, 5, HERE << "Freeing for this=" << this);
 
-    HTTPMSGUNLOCK(rep);
+    rep = NULL; // refcounted
 
     finishChildren ();