From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 11 Nov 2011 10:22:02 +0000 (-0700)
Subject: Bug 3412: External ACL Uses Invalid Cache Entry
X-Git-Tag: BumpSslServerFirst.take01~29
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ad06254ef3cb78b7fae72d52c2646103000c58dd;p=thirdparty%2Fsquid.git

Bug 3412: External ACL Uses Invalid Cache Entry
---

diff --git a/src/external_acl.cc b/src/external_acl.cc
index 5c286c4d1d..5da8e9930e 100644
--- a/src/external_acl.cc
+++ b/src/external_acl.cc
@@ -756,7 +756,14 @@ aclMatchExternal(external_acl_data *acl, ACLFilledChecklist *ch)
 
     if (entry) {
         if (cbdataReferenceValid(entry) && entry->def == acl->def) {
-            /* Ours, use it.. */
+            /* Ours, use it.. if the key matches */
+            key = makeExternalAclKey(ch, acl);
+            if (strcmp(key, (char*)entry->key) != 0) {
+                debugs(82, 9, HERE << "entry key='" << (char *)entry->key << "', our key='" << key << "' dont match. Discarded.");
+                // too bad. need a new lookup.
+                cbdataReferenceDone(ch->extacl_entry);
+                entry = NULL;
+            }
         } else {
             /* Not valid, or not ours.. get rid of it */
             debugs(82, 9, HERE << "entry " << entry << " not valid or not ours. Discarded.");