Squid Assertion MemBuf.cc:380: "new_cap > (size_t) capacity"

The maximum buffer size for holding Server and Client SSL hello messages is only
16k which is not enough hold a Hello message which includes some extensions and
1-2 or more Certificates.
This patch increases the maximum size to 65535 and also adds some checks to
avoid squid crashes in the case the hello messages buffer overflows.

This is a Measurement Factory project

diff --git a/src/ssl/bio.cc b/src/ssl/bio.cc
index 788c5db18f44b227fd123776b08f3703481d9883..ae0ed5d97ddafa7cfa18f43c4c55105532c9fe21 100644 (file)
--- a/src/ssl/bio.cc
+++ b/src/ssl/bio.cc
@@ -147,6 +147,13 @@ Ssl::Bio::stateChanged(const SSL *ssl, int where, int ret)
            SSL_state_string(ssl) << " (" << SSL_state_string_long(ssl) << ")");
 }
 
+void
+Ssl::Bio::prepReadBuf()
+{
+    if (rbuf.isNull())
+        rbuf.init(4096, 65536);
+}
+
 bool
 Ssl::ClientBio::isClientHello(int state)
 {
@@ -192,14 +199,14 @@ int
 Ssl::ClientBio::read(char *buf, int size, BIO *table)
 {
     if (helloState < atHelloReceived) {
-
-        if (rbuf.isNull())
-            rbuf.init(1024, 16384);
+        prepReadBuf();
 
         size = rbuf.spaceSize() > size ? size : rbuf.spaceSize();
 
-        if (!size)
-            return 0;
+        if (!size) {
+            debugs(83, DBG_IMPORTANT, "Not enough space to hold client SSL hello message");
+            return -1;
+        }
 
         int bytes = Ssl::Bio::read(buf, size, table);
         if (bytes <= 0)
@@ -272,8 +279,13 @@ Ssl::ServerBio::read(char *buf, int size, BIO *table)
     int bytes = Ssl::Bio::read(buf, size, table);
 
     if (bytes > 0 && record_) {
-        if (rbuf.isNull())
-            rbuf.init(1024, 16384);
+        prepReadBuf();
+
+        if (rbuf.spaceSize() < bytes) {
+            debugs(83, DBG_IMPORTANT, "Not enough space to hold server hello message");
+            return -1;
+        }
+ 
         rbuf.append(buf, bytes);
         debugs(83, 5, "Record is enabled store " << bytes << " bytes");
     }

diff --git a/src/ssl/bio.h b/src/ssl/bio.h
index 470896b9ecf132f64c64e97eed3b6fb81d3b9d9c..910fd86b1d27e617244e2f7fc6a9d30d9930a67f 100644 (file)
--- a/src/ssl/bio.h
+++ b/src/ssl/bio.h
@@ -110,6 +110,9 @@ public:
     /// Tells ssl connection to use BIO and monitor state via stateChanged()
     static void Link(SSL *ssl, BIO *bio);
 
+    /// Prepare the rbuf buffer to accept hello data
+    void prepReadBuf();
+
     const MemBuf &rBufData() {return rbuf;}
 protected:
     const int fd_; ///< the SSL socket we are reading and writing