git.ipfire.org Git - thirdparty/squid.git/commit

Do not assert on native FTP ERR_TOO_BIG. Do not check for ERR_TOO_BIG twice.

The assertion occurred because both the FTP request parser and the generic
ConnStateData::checkHeaderLimits() code would try to write their own error
message to the user. Reworked all error reporting code in the FTP parser to
avoid writing early responses (that were bypassing the overall transaction
flow with various negative side effects such as lack of logging).

Removed ConnStateData::checkHeaderLimits(): We already have protocol-specific
checks for huge HTTP and FTP requests. There is no point in duplicating them.
Centralizing them sounds like a good idea, but a general checkHeaderLimits()
cannot produce protocol-specific errors messages that we need, so it hurts
more than it helps. Moreover, checkHeaderLimits() was handling errors
differently than protocol parsing code, making the code more complex overall.

All that remains from the checkHeaderLimits() code now is a single Must(),
checking that the protocol parsers did what they were supposed to do: Return
NULL to request more data after checking any applicable limits. If parsers do
not (a Squid bug!), the ConnStateData job gets killed (and connection gets
closed) as the last resort.

Added clientReplyContext::setReplyToReply() and
StoreEntry::storeErrorResponse() to handle storing of a response to an FTP
command parsing error. The old code was using ErrorState to store parsing
errors, but ErrorState is still HTTP-specific and cannot relay the right FTP
codes/reasons to the user. The setReplyToReply() sounds silly but it matches
the existing setReplyTo*() naming scheme well.

Make sure parsed native FTP command tokens are not even close to the String
buffer limit. These checks are not a firm guarantee, but are better than
nothing until we replace String.

Handle ClientSocketContext registration centrally because all parsers need it.

Call quitAfterError() on fatal native FTP errors. Probably not necessary due
to fssError handling code that closes the FTP control connection, but adds
helpful debugging and brings us closer to the HTTP error handling code.

Described ConnStateData::clientParseRequests().

author	Alex Rousskov <rousskov@measurement-factory.com>
	Tue, 19 Aug 2014 18:09:50 +0000 (12:09 -0600)
committer	Alex Rousskov <rousskov@measurement-factory.com>
	Tue, 19 Aug 2014 18:09:50 +0000 (12:09 -0600)
commit	eacfca83ef8fa0e610644539cee10dbdc150bcff
tree	22e05c49d116194685ff720d26ef3218c55f198a	tree \| snapshot
parent	c63f032234b0605e9c36c3c4b43d257033be6b8d	commit \| diff

src/Store.h		diff \| blob \| blame \| history
src/client_side.cc		diff \| blob \| blame \| history
src/client_side.h		diff \| blob \| blame \| history
src/client_side_reply.cc		diff \| blob \| blame \| history
src/client_side_reply.h		diff \| blob \| blame \| history
src/errorpage.cc		diff \| blob \| blame \| history
src/servers/FtpServer.cc		diff \| blob \| blame \| history
src/servers/FtpServer.h		diff \| blob \| blame \| history
src/servers/HttpServer.cc		diff \| blob \| blame \| history
src/store.cc		diff \| blob \| blame \| history
src/tests/stub_client_side.cc		diff \| blob \| blame \| history