Fixed assertion related to TCP_RESET feature

When 'deny_info TCP_RESET' was used (and triggered), Squid asserted
in connNoteUseOfBuffer().  Because we called comm_reset_close() in
clientReplyContext::sendMoreData(), the ClientHttpRequest was freed
before http->doCallouts() returned.  Thus we were accessing freed
memory and passing a bad value to connNoteUseOfBuffer().

I've moved the comm_reset_close() call from there to
clientProcessRequest().  I dont really like having it in
clientProcessRequest(), but it seems to be the only place that will
work.  At least this way we can avoid the destroying ClientHttpRequest
before clientProcessRequest() reaches 'finish'.

diff --git a/src/client_side.cc b/src/client_side.cc
index 61af5dfedd5c884e9c49bae72a98b16445e9bdcf..309a2734017b721d8c962aff7022f6b559750ca4 100644 (file)
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client_side.cc,v 1.754 2007/05/18 06:41:23 amosjeffries Exp $
+ * $Id: client_side.cc,v 1.755 2007/05/18 18:30:41 wessels Exp $
  *
  * DEBUG: section 33    Client-side Routines
  * AUTHOR: Duane Wessels
@@ -2279,10 +2279,23 @@ clientProcessRequest(ConnStateData::Pointer &conn, HttpParser *hp, ClientSocketC
     http->calloutContext = new ClientRequestContext(http);
 
     http->doCallouts();
-
+    
 finish:
     if (!notedUseOfBuffer)
         connNoteUseOfBuffer(conn.getRaw(), http->req_sz);
+
+    /*
+     * DPW 2007-05-18
+     * Moved the TCP_RESET feature from clientReplyContext::sendMoreData
+     * to here because calling comm_reset_close() causes http to
+     * be freed and the above connNoteUseOfBuffer() would hit an
+     * assertion, not to mention that we were accessing freed memory.
+     */
+    if (http->request->flags.resetTCP() && conn->fd > -1) {
+       debugs(33, 3, HERE << "Sending TCP RST on FD " << conn->fd);
+       comm_reset_close(conn->fd);
+       return;
+    }
 }
 
 static void

diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc
index 48d1aca03a772e065a4ceb4db128b1b514533fbf..cbd61075cc1c72e8ca7c7a0899ebd6e66324e890 100644 (file)
--- a/src/client_side_reply.cc
+++ b/src/client_side_reply.cc
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client_side_reply.cc,v 1.127 2007/05/18 06:41:23 amosjeffries Exp $
+ * $Id: client_side_reply.cc,v 1.128 2007/05/18 18:30:41 wessels Exp $
  *
  * DEBUG: section 88    Client-side Reply Routines
  * AUTHOR: Robert Collins (Originally Duane Wessels in client_side.c)
@@ -1922,15 +1922,6 @@ clientReplyContext::sendMoreData (StoreIOBuffer result)
     /* update size of the request */
     reqsize = reqofs;
 
-    if (http->request->flags.resetTCP()) {
-        /* yuck. FIXME: move to client_side.c */
-
-        if (fd != -1)
-            comm_reset_close(fd);
-
-        return;
-    }
-
     if (errorInStream(result, reqofs)) {
         sendStreamError(result);
         return;