From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Wed, 8 Apr 2015 15:46:14 +0000 (+0300)
Subject: Fix: An invalid request->clientConnectionManager object can be used inside Ssl::PeerC... 
X-Git-Tag: merge-candidate-3-v1~188
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=92d867c584af264ce8476d7d83c9fc7fe0187ee5;p=thirdparty%2Fsquid.git

Fix: An invalid request->clientConnectionManager object can be used inside Ssl::PeerConnector::handleNegotiateError method

This patch adds the Ssl::ServerBio::bumpMode() method to retrieve the configured
mode from a ServerBio object, and uses this method for checking the bumping
mode inside Ssl::PeerConnector::handleNegotiateError method

This is a Measurement Factory project
---

diff --git a/src/ssl/PeerConnector.cc b/src/ssl/PeerConnector.cc
index 484acc7cf8..50a01c1223 100644
--- a/src/ssl/PeerConnector.cc
+++ b/src/ssl/PeerConnector.cc
@@ -532,7 +532,7 @@ Ssl::PeerConnector::handleNegotiateError(const int ret)
         return;
 
     case SSL_ERROR_WANT_WRITE:
-        if ((request->clientConnectionManager->sslBumpMode == Ssl::bumpPeek || request->clientConnectionManager->sslBumpMode == Ssl::bumpStare) && srvBio->holdWrite()) {
+        if ((srvBio->bumpMode() == Ssl::bumpPeek || srvBio->bumpMode() == Ssl::bumpStare) && srvBio->holdWrite()) {
             debugs(81, DBG_IMPORTANT, "hold write on SSL connection on FD " << fd);
             checkForPeekAndSplice();
             return;
@@ -556,7 +556,7 @@ Ssl::PeerConnector::handleNegotiateError(const int ret)
 #if 1
         if (!SSL_get_ex_data(ssl, ssl_ex_index_ssl_error_detail) &&
                 SSL_get_peer_certificate(ssl) &&
-                (request->clientConnectionManager->sslBumpMode == Ssl::bumpPeek  || request->clientConnectionManager->sslBumpMode == Ssl::bumpStare) && srvBio->holdWrite()) {
+                (srvBio->bumpMode() == Ssl::bumpPeek  || srvBio->bumpMode() == Ssl::bumpStare) && srvBio->holdWrite()) {
             debugs(81, 3, "Error ("  << ERR_error_string(ssl_lib_error, NULL) <<  ") but, hold write on SSL connection on FD " << fd);
             checkForPeekAndSplice();
             return;
diff --git a/src/ssl/bio.h b/src/ssl/bio.h
index 0abbaa075b..f053fb2525 100644
--- a/src/ssl/bio.h
+++ b/src/ssl/bio.h
@@ -179,6 +179,7 @@ public:
     bool canBump() {return allowBump;}
     /// The bumping mode
     void mode(Ssl::BumpMode m) {bumpMode_ = m;}
+    Ssl::BumpMode bumpMode() {return bumpMode_;} ///< return the bumping mode
 private:
     /// A random number to use as "client random" in client hello message
     sslFeatures clientFeatures;