From: wessels <> Date: Sat, 19 May 2007 00:30:41 +0000 (+0000) Subject: Fixed assertion related to TCP_RESET feature X-Git-Tag: SQUID_3_0_PRE7~259 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=52c2c8a8da771d331956ce2808fbd7c98ada56dc;p=thirdparty%2Fsquid.git Fixed assertion related to TCP_RESET feature When 'deny_info TCP_RESET' was used (and triggered), Squid asserted in connNoteUseOfBuffer(). Because we called comm_reset_close() in clientReplyContext::sendMoreData(), the ClientHttpRequest was freed before http->doCallouts() returned. Thus we were accessing freed memory and passing a bad value to connNoteUseOfBuffer(). I've moved the comm_reset_close() call from there to clientProcessRequest(). I dont really like having it in clientProcessRequest(), but it seems to be the only place that will work. At least this way we can avoid the destroying ClientHttpRequest before clientProcessRequest() reaches 'finish'. --- diff --git a/src/client_side.cc b/src/client_side.cc index 61af5dfedd..309a273401 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -1,6 +1,6 @@ /* - * $Id: client_side.cc,v 1.754 2007/05/18 06:41:23 amosjeffries Exp $ + * $Id: client_side.cc,v 1.755 2007/05/18 18:30:41 wessels Exp $ * * DEBUG: section 33 Client-side Routines * AUTHOR: Duane Wessels @@ -2279,10 +2279,23 @@ clientProcessRequest(ConnStateData::Pointer &conn, HttpParser *hp, ClientSocketC http->calloutContext = new ClientRequestContext(http); http->doCallouts(); - + finish: if (!notedUseOfBuffer) connNoteUseOfBuffer(conn.getRaw(), http->req_sz); + + /* + * DPW 2007-05-18 + * Moved the TCP_RESET feature from clientReplyContext::sendMoreData + * to here because calling comm_reset_close() causes http to + * be freed and the above connNoteUseOfBuffer() would hit an + * assertion, not to mention that we were accessing freed memory. + */ + if (http->request->flags.resetTCP() && conn->fd > -1) { + debugs(33, 3, HERE << "Sending TCP RST on FD " << conn->fd); + comm_reset_close(conn->fd); + return; + } } static void diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc index 48d1aca03a..cbd61075cc 100644 --- a/src/client_side_reply.cc +++ b/src/client_side_reply.cc @@ -1,6 +1,6 @@ /* - * $Id: client_side_reply.cc,v 1.127 2007/05/18 06:41:23 amosjeffries Exp $ + * $Id: client_side_reply.cc,v 1.128 2007/05/18 18:30:41 wessels Exp $ * * DEBUG: section 88 Client-side Reply Routines * AUTHOR: Robert Collins (Originally Duane Wessels in client_side.c) @@ -1922,15 +1922,6 @@ clientReplyContext::sendMoreData (StoreIOBuffer result) /* update size of the request */ reqsize = reqofs; - if (http->request->flags.resetTCP()) { - /* yuck. FIXME: move to client_side.c */ - - if (fd != -1) - comm_reset_close(fd); - - return; - } - if (errorInStream(result, reqofs)) { sendStreamError(result); return;