From: Christos Tsantilas Date: Fri, 26 Sep 2014 10:01:19 +0000 (+0300) Subject: Do not crash when sending %ssl::cert_subject to external ACL w/o certificate. X-Git-Tag: SQUID_3_5_0_1~36 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=7970e4cfd13bac4045a46f451c950dc003231594;p=thirdparty%2Fsquid.git Do not crash when sending %ssl::cert_subject to external ACL w/o certificate. An ACL check in ConnStateData::postHttpsAccept (e.g., when dealing with an intercepted SSL connection) uses an HttpRequest object that is not yet linked with the ConnStateData object. Do not blindly dereference the pointer to the latter. This is a Measurement Factory project --- diff --git a/src/external_acl.cc b/src/external_acl.cc index 6cfb9bec73..9d4d889042 100644 --- a/src/external_acl.cc +++ b/src/external_acl.cc @@ -1073,7 +1073,7 @@ makeExternalAclKey(ACLFilledChecklist * ch, external_acl_data * acl_data) X509 *serverCert = NULL; if (ch->serverCert.get()) serverCert = ch->serverCert.get(); - else if (ch->conn()->serverBump()) + else if (ch->conn() && ch->conn()->serverBump()) serverCert = ch->conn()->serverBump()->serverCert.get(); if (serverCert) {