From: Alex Rousskov Date: Wed, 5 Jun 2013 13:00:09 +0000 (-0600) Subject: Bug 3717: assertion failed with dstdom_regex with IP based URL X-Git-Tag: SQUID_3_3_6~11 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=2935fea374a841eca08e8d6ca492dd8e4bedfd0c;p=thirdparty%2Fsquid.git Bug 3717: assertion failed with dstdom_regex with IP based URL A combination of ACL negation and async lookup leads to Checklist.cc:287:"!needsAsync && !matchFinished" assertions. The lower-level ACL code says "not a match because I need an async lookup" but the negation-handling code in ACL::matches() ignores the "need an async lookup" part and converts "not a match" into a "match". This patch prevents that conversion, while allowing Checklist code to decide what to do with an async lookup (depending on whether the directive being checked supports slow ACLs). Note that this change prevents admins from negating async lookups in directives that do not support them: both "!foo" and "foo" will probably not match in those directives if ACL foo needs an async lookup. --- diff --git a/src/acl/Acl.cc b/src/acl/Acl.cc index 5043159ef8..42944a68c6 100644 --- a/src/acl/Acl.cc +++ b/src/acl/Acl.cc @@ -335,13 +335,24 @@ ACLList::matches (ACLChecklist *checklist) const AclMatchedName = _acl->name; debugs(28, 3, "ACLList::matches: checking " << (op ? null_string : "!") << _acl->name); - if (_acl->checklistMatches(checklist) != op) { - debugs(28, 4, "ACLList::matches: result is false"); - return false; + bool result = false; + if (_acl->checklistMatches(checklist) == 1) { + debugs(28, 5, _acl->name << " matched" << (op ? "." : ", negating.")); + result = (op != 0); + } else if (checklist->finished()) { + debugs(28, 5, _acl->name << " failed."); + result = false; + } else if (checklist->asyncNeeded()) { + debugs(28, 5, _acl->name << " needs async lookup"); + result = false; + } else { + debugs(28, 5, _acl->name << " mismatched" << (op ? "." : ", negating.")); + result = (op == 0); } - debugs(28, 4, "ACLList::matches: result is true"); - return true; + debugs(28, 4, (op ? null_string : "!") << _acl->name << " result is " << + (result ? "true" : "false")); + return result; } /*********************/