"ssl_bump none" mode crashes squid
authorChristos Tsantilas <chtsanti@users.sourceforge.net>
Wed, 21 May 2014 06:29:38 +0000 (09:29 +0300)
committerChristos Tsantilas <chtsanti@users.sourceforge.net>
Wed, 21 May 2014 06:29:38 +0000 (09:29 +0300)
After the r13324 patch, the SBuf argument of the ConnStateData::handleReadData member
is used only to check that ConnStateData::In::buf is correctly filled with read
data. ConnStateData::handleReadData assumes that the data is already written
to ConnStateData::in.buf and checks that the passed SBuf argument is
ConnStateData::in.buf:

bool ConnStateData::handleReadData(SBuf *buf)
{
   assert(buf == &in.buf);
   .....

The httpsSslBumpAccessCheckDone function needs to write the CONNECT request
generated internally to force tunnel mode, in ConnStateData::In::buf and then
call ConnStateData::handleReadData method.

src/client_side.cc

index b42dc70ed522f2a540a96f6f1e476409585ffac5..0cb7be8d1f2285b47f9d9431f3d21320c57b1c13 100644 (file)
@@ -3631,9 +3631,8 @@ httpsSslBumpAccessCheckDone(allow_t answer, void *data)
         // fake a CONNECT request to force connState to tunnel
         static char ip[MAX_IPSTRLEN];
         connState->clientConnection->local.toUrl(ip, sizeof(ip));
-        SBuf reqStr;
-        reqStr.append("CONNECT ").append(ip).append(" HTTP/1.1\r\nHost: ").append(ip).append("\r\n\r\n");
-        bool ret = connState->handleReadData(&reqStr);
+        connState->in.buf.append("CONNECT ").append(ip).append(" HTTP/1.1\r\nHost: ").append(ip).append("\r\n\r\n");
+        bool ret = connState->handleReadData(&connState->in.buf);
         if (ret)
             ret = connState->clientParseRequests();
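Review bot: The new `connState->in.buf.append("CONNECT ")...` line appends to whatever is already in the connection's input buffer, so it is only correct if `in.buf` is empty when the ssl_bump check completes. The hunk does not show whether client bytes can already be buffered at that point; if they can, `clientParseRequests()` would parse the client-supplied data ahead of the synthesized CONNECT. I would state the invariant next to the append, for example `// in.buf must be empty here: nothing is read from the client before the ssl_bump decision (TODO confirm)`. If that does not hold, handle the non-empty case explicitly rather than with an assert, since an assert on client-influenced state is itself a crash path. A second short comment noting that `handleReadData()` asserts `buf == &in.buf` would explain why the request is written into the connection buffer instead of a local SBuf; the enclosing function starts and continues outside the hunk.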