From: Eduard Bagdasaryan Date: Tue, 8 Mar 2022 14:47:32 +0000 (+0000) Subject: Fix ignore-cc/act-as-origin in wildcard split-stack ports (#994) X-Git-Tag: SQUID_6_0_1~223 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7801cce90cb6fa3c9ea8c05b5ba00678d1930380;p=thirdparty%2Fsquid.git Fix ignore-cc/act-as-origin in wildcard split-stack ports (#994) The PortCfg::clone() hack (and clone_http_port_list() before it) forgot to copy those two flags to the IPv4 port variant. Compilers will now be able to warn us if copying misses future members. Also prohibited other forms of copying, nearly restricting copying to the parsing code with special needs. --- diff --git a/src/anyp/PortCfg.cc b/src/anyp/PortCfg.cc index 5aa0100068..27a182057c 100644 --- a/src/anyp/PortCfg.cc +++ b/src/anyp/PortCfg.cc @@ -8,6 +8,7 @@ #include "squid.h" #include "anyp/PortCfg.h" +#include "anyp/UriScheme.h" #include "comm.h" #include "fatal.h" #include "security/PeerOptions.h" @@ -55,29 +56,39 @@ AnyP::PortCfg::~PortCfg() safe_free(defaultsite); } -AnyP::PortCfgPointer -AnyP::PortCfg::clone() const +AnyP::PortCfg::PortCfg(const PortCfg &other): + next(), // special case; see assert() below + s(other.s), + transport(other.transport), + name(other.name ? xstrdup(other.name) : nullptr), + defaultsite(other.defaultsite ? xstrdup(other.defaultsite) : nullptr), + flags(other.flags), + allow_direct(other.allow_direct), + vhost(other.vhost), + actAsOrigin(other.actAsOrigin), + ignore_cc(other.ignore_cc), + connection_auth_disabled(other.connection_auth_disabled), + ftp_track_dirs(other.ftp_track_dirs), + vport(other.vport), + disable_pmtu_discovery(other.disable_pmtu_discovery), + workerQueues(other.workerQueues), + tcp_keepalive(other.tcp_keepalive), + listenConn(), // special case; see assert() below + secure(other.secure) { - AnyP::PortCfgPointer b = new AnyP::PortCfg(); - b->s = s; - if (name) - b->name = xstrdup(name); - if (defaultsite) - b->defaultsite = xstrdup(defaultsite); - - b->transport = transport; - b->flags = flags; - b->allow_direct = allow_direct; - b->vhost = vhost; - b->vport = vport; - b->connection_auth_disabled = connection_auth_disabled; - b->workerQueues = workerQueues; - b->ftp_track_dirs = ftp_track_dirs; - b->disable_pmtu_discovery = disable_pmtu_discovery; - b->tcp_keepalive = tcp_keepalive; - b->secure = secure; + // to simplify, we only support port copying during parsing + assert(!other.next); + assert(!other.listenConn); +} - return b; +AnyP::PortCfg * +AnyP::PortCfg::ipV4clone() const +{ + const auto clone = new PortCfg(*this); + clone->s.setIPv4(); + debugs(3, 3, AnyP::UriScheme(transport.protocol).image() << "_port: " << + "cloned wildcard address for split-stack: " << s << " and " << clone->s); + return clone; } ScopedId diff --git a/src/anyp/PortCfg.h b/src/anyp/PortCfg.h index 93bfbaf1d6..a89b5ae849 100644 --- a/src/anyp/PortCfg.h +++ b/src/anyp/PortCfg.h @@ -25,8 +25,12 @@ class PortCfg : public CodeContext { public: PortCfg(); + // no public copying/moving but see ipV4clone() + PortCfg(PortCfg &&) = delete; ~PortCfg(); - AnyP::PortCfgPointer clone() const; + + /// creates the same port configuration but listening on any IPv4 address + PortCfg *ipV4clone() const; /* CodeContext API */ virtual ScopedId codeContextGist() const override; @@ -65,6 +69,9 @@ public: /// TLS configuration options for this listening port Security::ServerOptions secure; + +private: + explicit PortCfg(const PortCfg &other); // for ipV4clone() needs only! }; } // namespace AnyP diff --git a/src/cache_cf.cc b/src/cache_cf.cc index 44a19387fc..9837406d83 100644 --- a/src/cache_cf.cc +++ b/src/cache_cf.cc @@ -3833,10 +3833,7 @@ parsePortCfg(AnyP::PortCfgPointer *head, const char *optionName) // *_port line should now be fully valid so we can clone it if necessary if (Ip::EnableIpv6&IPV6_SPECIAL_SPLITSTACK && s->s.isAnyAddr()) { - // clone the port options from *s to *(s->next) - s->next = s->clone(); - s->next->s.setIPv4(); - debugs(3, 3, AnyP::UriScheme(s->transport.protocol).image() << "_port: clone wildcard address for split-stack: " << s->s << " and " << s->next->s); + s->next = s->ipV4clone(); } while (*head != NULL)