From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Fri, 22 Jan 2016 14:57:46 +0000 (+0200)
Subject: Name-only note ACL stopped matching after trunk r14465 (note -m).
X-Git-Tag: SQUID_4_0_5~31
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=fef01789505748723a86438cc8851cc345cad5fb;p=thirdparty%2Fsquid.git

Name-only note ACL stopped matching after trunk r14465 (note -m).

Despite this fix, empty ACLStringData values (also used for myportname,
peername, tag, and other ACLs) must [continue to] match nothing because
Squid ORs acl values. In math, empty disjunction is false.

The note ACL matches name:value entries, not bare values. A valueless
name has a different semantics than an empty list of bare values. It is

  (name and value1) or (name and value2)

rather than

  name and (value1 or value2)

where an empty value disjunction would have falsified the whole
condition.

This is a Measurement Factory project.
---

diff --git a/src/acl/NoteData.cc b/src/acl/NoteData.cc
index 9ee6e2a761..d071a578bd 100644
--- a/src/acl/NoteData.cc
+++ b/src/acl/NoteData.cc
@@ -26,7 +26,12 @@ ACLNoteData::~ACLNoteData()
 bool
 ACLNoteData::match(NotePairs::Entry *entry)
 {
-    return !entry->name.cmp(name.termedBuf()) && values->match(entry->value.termedBuf());
+    if (entry->name.cmp(name.termedBuf()) != 0)
+        return false; // name mismatch
+
+    // a name-only note ACL matches any value; others require a values match
+    return values->empty() ||
+        values->match(entry->value.termedBuf());
 }
 
 SBufList