wessels [Tue, 2 Jan 2001 05:03:55 +0000 (05:03 +0000)]
Prevent NULL pointer access in aclMatchAcl(). Some ACL types require
checklist->request_t, but it won't be available in some cases (like
snmp_access). Warn the admin that the ACL can't be checked and that
we're denying it.
hno [Sun, 31 Dec 2000 12:15:38 +0000 (12:15 +0000)]
Some corrections/additions from the original /etc/hosts patch:
* The 'H' flag in the ipcache cachemgr output was missing.
* The memory allocation comment on ipcacheAddEntryFromHosts was plain wrong
(copy pasted from fqdncache.c I think.. correct there but not here)
wessels [Sun, 31 Dec 2000 05:15:57 +0000 (05:15 +0000)]
stringLimitInit() asserts if given more than 64K bytes because String
uses an unsigned short to store the string length. This patch prevents
the assertion by ignoring HTTP header names and values longer than 64K.
adrian [Sat, 16 Dec 2000 23:52:29 +0000 (23:52 +0000)]
Add support for netfilter in linux-2.4 . netfilter changes the semantics
of obtaining the target address of a redirected connection slightly -
it now requires a getsockopt(). Without this code, transparent requests
without a Host: header (ie HTTP/1.0) will not have enough information to
connect to the correct origin server.
The configure option is --enable-linux-netfilter. I don't think its
currently automatic (but then neither is ipf from memory.)
wessels [Sat, 9 Dec 2000 11:16:07 +0000 (11:16 +0000)]
Some people might want a zero-size cache on purpose. So if cache size
is zero, don't exit with a fatal warning that cache size is smaller
than memory size.
wessels [Sat, 9 Dec 2000 06:58:08 +0000 (06:58 +0000)]
Patch from Marcos Barreto de Castro <mbdecastro@yahoo.com>. Allows
auth process to send back a one-line message. If the ERR_ACCESS_DENIED
page has %m, it gets replaced with this message.
wessels [Tue, 5 Dec 2000 17:10:57 +0000 (17:10 +0000)]
A number of CARP bug fixes.
peer->carp.hash was an unsigned long, but the spec requires 32-bit math
on integers. Since longs are known to sometimes be 64-bits, its safer
to use unsigned int.
peer->carp.load_factor was a float, but its better to use double to
be consistent with other floating point functions and variables.
In parse_peer() I'm concerned that *token could be signed, so its
now casted to unsigned int.
In parse_peer() there is a bug in calculating the proxy hostname hash.
On the final ROTATE_LEFT, it should be "=" rather than "+=".
In carpInit() pay special attention to int/double conversion bugs
and passing ints to functions that expect doubles.
In carpInit() there is a bug with the value of "k". In the loop,
k needs to be incremented *before* its used. The internet-draft
begins with k=1, so the first time through the loop k should equal 2.
Added "carp" to cache manager for info and debugging.
I think there are still two bugs: (1) the draft says the multipliers
must be calculated in order of smallest to largest factor. We don't
do that yet. (2) the 'score' calculation needs to be converted to
double when we multiply by the multiplier. Otherwise there will
be overflows since the multiplier can be greater than 1.
wessels [Tue, 5 Dec 2000 16:11:24 +0000 (16:11 +0000)]
Argh, that last patch to src/store_dir.c is bogus. sd->log.clean.done
will never be NULL, it's sd->log.clean.state that's the problem.
Also, this way I get to fix it in four files, not just one.
wessels [Tue, 5 Dec 2000 15:55:47 +0000 (15:55 +0000)]
parse_peer() was checking for a self-configured peer, but its not
safe to call getMyHostname() before we parsed the whole config
file. Therefore, I moved this check into neighbors_open().
adrian [Mon, 27 Nov 2000 07:03:33 +0000 (07:03 +0000)]
Handle cancelled reads. diskdstate->flags_closing is now set and cleared
when a FD is opened and closed, and during storeDiskdReadDone() the
copy and callback are only made if the callbackdata is valid.
This differs from before where the copy would always take place, but
the callback would only occur if the callbackdata was valid.
Note that I'm assert()ing that flags_closing == 0 if the callbackdata is
valid. If this ever gets triggered, I think we have another problem ..
adrian [Sat, 25 Nov 2000 23:02:14 +0000 (23:02 +0000)]
few changes to fix for XMALLOC_DEBUG:
- check_free shouldn't be called with a NULL pointer
- I needed to increase DBG_ARRY_SZ to handle larger alloc count
(perhaps should we use realloc here to grow dynamically?)
- cf_gen.c used inconsitently alloc funcs: xcalloc() but free(),
resulting in check_free() to assert during make using cf_gen
adrian [Sat, 25 Nov 2000 21:51:04 +0000 (21:51 +0000)]
Replace safe_free() with the appropriate memFree() now that these two
objects are from memory pools. (I believe it was me who converted them
initially, but missed this..)
wessels [Wed, 22 Nov 2000 04:14:44 +0000 (04:14 +0000)]
Everywhere where Squid inserts text received from the network into
a HTML page (error pages, FTP listings, Gopher listings, ...) care
must be taken to ensure that the text is properly encoded as HTML,
or a malicious user might be able to insert script code or other
HTML tags, and exploit the web browser of any user visiting their
page or clicking on that funny link received in a email..
adrian [Sat, 18 Nov 2000 17:46:32 +0000 (17:46 +0000)]
Don't return NULL in createRemovalPolicy() if there is no match for
the given policy type. None of the FS code handles this correctly,
and it was causing SIGSEGVs when a cache_replacement_policy was not
set in squid.conf, defaulting to lru, and lru was not compiled in.
We now warn very loudly and die with an error. cache.log will tell the
user to check cache_replacement_policy and memory_replacement_policy
in their squid.conf file.
adrian [Wed, 15 Nov 2000 20:01:53 +0000 (20:01 +0000)]
Fixed the internal URL code to obey appendDomain for internal
objects if it needs appending. This fixes weirdnesses where
a machine can think it is "foo.bar.com", and "foo" is requested.
wessels [Wed, 15 Nov 2000 09:32:53 +0000 (09:32 +0000)]
DW:
- My recent clientLifetimeTimeout addition causes a memory leak because
cbdata was locked, but never unlocked if the timeout never happens.
Maybe its safe enough to assume that if the FD is open, and the
timeout triggers, that 'http' is valid.
adrian [Fri, 10 Nov 2000 16:04:50 +0000 (16:04 +0000)]
Store rebuild double-check cleanup by Robert Collins, slightly altered
by me.
This code implements a two-tiered doublecheck - -S reportonly which warns
for mismatched file lengths, and -S force which will unlink files which
fail a doublecheck. Actual file unlinking is also implemented now, so when
a double check is performed, it will actually clean up the cache store.
wessels [Fri, 10 Nov 2000 01:21:27 +0000 (01:21 +0000)]
DW:
- Rewrite of much of refreshCheck().
This was prompted by a bug report that we didn't properly handle the
must-revalidate directive. Indeed, we always caused a refresh
for must-revalidate. The spec says must-revalidate only takes effect
for stale responses.
I find the spec to be unclear on how to handle must-revalidate without
an explicit expiration time. Currently, if we have a response
that has must-revalidate, no expires, but the last-modified factor
rule says the reponse is fresh, then we don't force a validation.
Also added support for the max-stale request directive.
I changed some of the internal accounting to use status codes. In the
future it may be useful to have a "refresh.log" file so people can
figure out why a particular request got validated, or didn't.
wessels [Thu, 9 Nov 2000 03:22:16 +0000 (03:22 +0000)]
DW:
- Two bugs with yesterday's date parsing changes. (1) Need to incrment
past "," after strchr(), and (2) struct tm tm needs to be static
in parse_date2().
wessels [Wed, 8 Nov 2000 06:43:15 +0000 (06:43 +0000)]
Radu Greab (radu@netsoft.ro):
- If an AS contains networks with mask 0, when trying to view the
AS Number Database squid enters into an infinite loop. The patch
below fixes the problem.
wessels [Wed, 8 Nov 2000 06:37:35 +0000 (06:37 +0000)]
DW:
- Changes prompted by bug report that "Wed Aug 9 11:36:06 2000" could
not be parsed. The parse_rfc1123() code assumed there was an extra
space after Aug and before "9".
This change breaks the parsing into smaller functions to make the
code easier to read and understand.
I changed parsing of the "third" date format (asctime()) to use
a buffer copy and strtok. This makes it more flexible. For example,
we don't have to require strlen(s) < 24.
hno [Sun, 5 Nov 2000 06:04:09 +0000 (06:04 +0000)]
Cross-site scripting fixes by Robert Collins and Henrik Nordstrom
Everywhere where Squid inserts text received from the network into
a HTML page (error pages, FTP listings, Gopher listings, ...) care
must be taken to ensure that the text is properly encoded as HTML,
or a malicious user might be able to insert script code or other
HTML tags, and exploit the web browser of any user visiting their
page or clicking on that funny link received in a email..
wessels [Sat, 4 Nov 2000 00:03:54 +0000 (00:03 +0000)]
DW:
- A fix for problems relating to large DNS replies. RFC 1035 says
that DNS/UDP messages must be 512 octets or less. Some servers
(BIND on OS/2) are sending larger packets, but Squid was only
reading the first 512 octets. This could cause buffer overruns
in rfc1035.c.
This patch changes recv() to use the maximum UDP socket buffer
size. However, if we get a large reply we tell rfc1035.c that
we only got 512 octets. Thus, its a little safer if that code
has bugs and reads past 512.
wessels [Fri, 3 Nov 2000 23:43:58 +0000 (23:43 +0000)]
DW:
- If we discover a truncated packetin the middle of unpacking
a resource record, we need to zap RR fields that were already
unpacked. Otherwise we can end up with RR->class = RFC1035_CLASS_IN,
RR->type = RFC1035_TYPE_A, and RR->rdlenght = 0.
wessels [Thu, 2 Nov 2000 04:48:16 +0000 (04:48 +0000)]
DW:
- replacement should use SwapDir high/low values, not the global ones.
Made this patch for diskd some time ago, but never duplicated the
patch in all the other fs duplicated code.
adrian [Tue, 17 Oct 2000 14:06:01 +0000 (14:06 +0000)]
Andres Kroonmaa's MemPool tidyup, take 1. Take a whole bunch of
xmalloc/xcalloc's and replace them with mempool'ed versions of
things. Not everything has been converted, but this is a start.
Notable weirdnesses are:
* aufs - there are now a few pools which are used for string allocation
for things like object paths. This might not be the most optimal
solution but its better than what existed.
* pconn.c - an initial pconn FD set is mempool'ed, and if the pconn set
grows bigger than PCONN_FD_SZ it changes to xmalloc()
* client_side.c - the incoming request buffer is now initially mempooled,
of size CLIENT_REQ_BUF_SZ (4096 bytes atm). If it needs to grow, it
changes to xmalloc()
projects / thirdparty / squid.git / log
