From: Christos Tsantilas Date: Mon, 1 Aug 2016 09:42:45 +0000 (+0300) Subject: Polishing fixes from squid-dev review X-Git-Tag: SQUID_4_0_13~5^2~1 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=c31381d0554db729d2094189da6ad11be3f485c5;p=thirdparty%2Fsquid.git Polishing fixes from squid-dev review --- c31381d0554db729d2094189da6ad11be3f485c5 diff --cc src/Downloader.cc index 901b2559a8,ee85e953b5..7a05a5970a --- a/src/Downloader.cc +++ b/src/Downloader.cc @@@ -177,19 -187,26 +187,24 @@@ Downloader::handleReply(clientStreamNod return; } - debugs(33, 4, "Received " << receivedData.length << - " object data, offset: " << receivedData.offset << - " error flag:" << receivedData.flags.error); + const int64_t existingContent = reply ? reply->content_length : 0; + const size_t maxSize = MaxObjectSize > SBuf::maxSize ? SBuf::maxSize : MaxObjectSize; + const bool tooLarge = (existingContent > -1 && existingContent > static_cast(maxSize)) || + (maxSize < object_.length()) || + ((maxSize - object_.length()) < receivedData.length); - if (receivedData.length > 0) { - object.append(receivedData.data, receivedData.length); - http->out.size += receivedData.length; - http->out.offset += receivedData.length; + if (tooLarge) { + callBack(Http::scInternalServerError); + return; } - switch (clientStreamStatus (node, http)) { - if (receivedData.length) { - object_.append(receivedData.data, receivedData.length); - http->out.size += receivedData.length; - http->out.offset += receivedData.length; - } ++ object_.append(receivedData.data, receivedData.length); ++ http->out.size += receivedData.length; ++ http->out.offset += receivedData.length; + + switch (clientStreamStatus(node, http)) { case STREAM_NONE: { - debugs(33, 3, HERE << "Get more data"); + debugs(33, 3, "Get more data"); StoreIOBuffer tempBuffer; tempBuffer.offset = http->out.offset; tempBuffer.data = context_->requestBuffer; diff --cc src/ssl/PeerConnector.cc index abdf5cfc57,bc2d87ffe3..bc19bee365 --- 
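Review bot: The `tooLarge` branch in Downloader::handleReply calls `callBack(Http::scInternalServerError)` and returns without any debugs() line, so a download rejected by the size cap looks like any other failure in the log. The body comes from a remote server, so the rejection is worth recording before the callback, for example `debugs(33, 2, "object too large: have " << object_.length() << ", received " << receivedData.length << ", limit " << maxSize);`. The commit also drops the "Received ..." message that printed `receivedData.flags.error`, and the merged code now appends unconditionally. Whether that flag is checked before `object_.append()` cannot be seen here, because handleReply starts and ends outside the hunk.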
a/src/ssl/PeerConnector.cc +++ b/src/ssl/PeerConnector.cc @@@ -560,6 -555,6 +555,12 @@@ Ssl::PeerConnector::certDownloadingDone Ssl::ServerBio *srvBio = static_cast(b->ptr); // Parse Certificate. Assume that it is in DER format. ++ // According to RFC 4325: ++ // The server must provide a DER encoded certificate or a collection ++ // collection of certificates in a "certs-only" CMS message. ++ // The applications MUST accept DER encoded certificates and SHOULD ++ // be able to accept collection of certificates. ++ // TODO: support collection of certificates const unsigned char *raw = (const unsigned char*)obj.rawContent(); if (X509 *cert = d2i_X509(NULL, &raw, obj.length())) { char buffer[1024];
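Review bot: The comment block added above `d2i_X509()` repeats a word across two lines ("or a collection" / "collection of certificates"); it should read `// The server must provide a DER encoded certificate or a` followed by `// collection of certificates in a "certs-only" CMS message.`. Until the TODO is done, a "certs-only" CMS response will presumably fail to parse as a single certificate. The failure branch is outside the hunk, so the comment should say what happens to such a response. d2i_X509() also parses only the first DER structure and advances `raw`, so trailing bytes in the downloaded object are ignored unless later code compares `raw` with the end of the buffer. certDownloadingDone continues past the end of the hunk.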