From: Christos Tsantilas Date: Wed, 21 May 2014 06:29:38 +0000 (+0300) Subject: "ssl_bump none" mode crashes squid X-Git-Tag: SQUID_3_5_0_1~228 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ef27e126884cdf23bb787ddad6e97b43451e5251;p=thirdparty%2Fsquid.git "ssl_bump none" mode crashes squid After r13324 patch the SBuf argument of the ConnStateData::handleReadData member is used only to check if ConnStateData::In::buf is correctly filled with read data. ConnStateData::handleReadData considers that the data already written in ConnStateData::in.buf and checks if the passed Sbuf argument is the ConnStateData::in.buf: bool ConnStateData::handleReadData(SBuf *buf) { assert(buf == &in.buf); ..... The httpsSslBumpAccessCheckDone function needs to write the CONNECT request generated internally to force tunnel mode, in ConnStateData::In::buf and then call ConnStateData::handleReadData method. --- diff --git a/src/client_side.cc b/src/client_side.cc index b42dc70ed5..0cb7be8d1f 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -3631,9 +3631,8 @@ httpsSslBumpAccessCheckDone(allow_t answer, void *data) // fake a CONNECT request to force connState to tunnel static char ip[MAX_IPSTRLEN]; connState->clientConnection->local.toUrl(ip, sizeof(ip)); - SBuf reqStr; - reqStr.append("CONNECT ").append(ip).append(" HTTP/1.1\r\nHost: ").append(ip).append("\r\n\r\n"); - bool ret = connState->handleReadData(&reqStr); + connState->in.buf.append("CONNECT ").append(ip).append(" HTTP/1.1\r\nHost: ").append(ip).append("\r\n\r\n"); + bool ret = connState->handleReadData(&connState->in.buf); if (ret) ret = connState->clientParseRequests();