wessels [Tue, 19 Mar 2002 10:03:12 +0000 (10:03 +0000)]
Second attempt at fixing DNS answer bounds checking bugs. I mistakenly
tested the previous fix with A lookups instead of PTR lookups. The A lookups
didn't test the new code and this other bug went undiscovered.
The primary bugfix in this commit is that both NameUnpack and RRUnpack
were incrementing the buffer offset variable when parsing a PTR answer.
This triggered an assertion. The new code passes a new offset pointer
to NameUnpack and makes sure that it used up the correct number of
octets.
wessels [Tue, 12 Mar 2002 05:04:53 +0000 (05:04 +0000)]
Security fixes.
These changes are the result of a report by zen-parse@gmx.net regarding
a bug in rfc1035NameUnpack(). When handling "compressed" names, we didn't
check the value of the "pointer" to make sure it points to inside the
reply buffer.
I changed the static unpack function interfaces so that instead of
returning a new offset value they now return success or failure.
The offset is passed as a pointer.
I added a fake DNS error code (15) for use when the reply message
is bogus or unsafe to parse. This is currently the only indication
of a problem. The implementation doesn't say why unpacking failed.
This library doesn't have any hooks to Squid's debugging/logging.
We could use syslog I suppose....
I tried to make sure that only programming bugs, not bogus replies,
can cause an assertion. i.e., some of the former assertions have
been changed to just return an error status.
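
Added example, not Squid's code: a bounds-checked name unpacker in the style the two DNS commits above describe. It returns success or failure, takes the offset as a pointer, rejects compression pointers that land outside the reply buffer, and lets the caller check how many octets were consumed. The names `name_unpack`, `MAX_HOPS` and `sample`, and the hop limit itself, are assumptions made for this illustration.

```c
#include <stdio.h>
#include <string.h>
#define MAX_HOPS 16 /* assumed cap on compression-pointer chain length */

/* Constructed sample, not a full DNS message: "foo.com" at offset 0, "www" +
 * pointer to 0 at offset 9, a pointer past the end at 15, a self-pointer at 17. */
static const unsigned char sample[19] = {
    3,'f','o','o',3,'c','o','m',0, 3,'w','w','w',0xC0,0, 0xC0,0x40, 0xC0,17 };

/* Hypothetical helper. Returns 0 on success, 1 if the data is unsafe to parse.
 * On success *off moves past the name as stored (a pointer counts 2 octets). */
static int name_unpack(const unsigned char *buf, size_t sz, size_t *off,
                       char *name, size_t ns)
{
    size_t pos = *off, out = 0, end = 0;
    int hops = 0;
    if (ns == 0) return 1;
    for (;;) {
        if (pos >= sz) return 1;              /* length octet out of bounds */
        size_t len = buf[pos];
        if ((len & 0xC0) == 0xC0) {           /* compression pointer */
            if (pos + 1 >= sz) return 1;      /* second octet missing */
            size_t ptr = ((len & 0x3F) << 8) | buf[pos + 1];
            if (ptr >= sz || ++hops > MAX_HOPS) return 1; /* outside or loop */
            if (hops == 1) end = pos + 2;     /* name ends after first pointer */
            pos = ptr;
            continue;
        }
        if (len & 0xC0) return 1;             /* reserved label type */
        pos++;
        if (len == 0) break;                  /* root label ends the name */
        if (len > sz - pos || out + (out != 0) + len + 1 > ns) return 1;
        if (out) name[out++] = '.';
        memcpy(name + out, buf + pos, len);
        out += len; pos += len;
    }
    name[out] = '\0';
    *off = hops ? end : pos;
    return 0;
}

int main(void)
{
    char name[64];
    size_t off = 9; /* start of "www" + pointer */
    int rc = name_unpack(sample, sizeof sample, &off, name, sizeof name);
    printf("rc=%d name=%s next=%zu\n", rc, rc ? "-" : name, off);
    return rc;
}
```

A caller parsing a PTR answer can compare the change in `off` against the record's data length and treat any mismatch as a failed parse rather than asserting.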
adrian [Thu, 7 Mar 2002 19:11:26 +0000 (19:11 +0000)]
Fixes in clientSendMoreData() to fix a couple of strange panics.
* remove buf and size from the function argument list, and replace them
with retbuf and retsize. Declare buf and size as local variables which
reference the http->reqbuf and take into account the buffer offset
for that partial buffer munging that's going on.
adrian [Tue, 26 Feb 2002 22:48:09 +0000 (22:48 +0000)]
Bring across my first phase of commloops development.
This focused on turning storeClientCopy() into a stream-type callback,
trying to act like the stream storeAppend() is for the server side.
* storeClientCopy() has lost the seen_offset parameter
* storeClientCopy*() track the last copy offset and size, so the code
can _enforce_ that the modules using it have been converted into stream
routines properly
* all the modules using storeClientCopy() have been converted.
I'm sure there are remaining places where the stream enforce will be
triggered - these are the evil places no one speaks of, and will probably
be exorcised in the third round of commloops (which will probably be
a modio exercise.)
wessels [Mon, 25 Feb 2002 23:15:07 +0000 (23:15 +0000)]
From: Jordi Bruguera <jordi@dns1.grn.es>
Here I send an attachment with the catalan translation
for the squid error message files. Please include them
in the next release under the folder "Catalan".
hno [Thu, 14 Feb 2002 00:22:36 +0000 (00:22 +0000)]
Renamed memAllocBuf/memFreeBuf to memAllocString/memFreeString as these
buffers are not for generic purpose use.. Intend to add a generic purpose
allocator using the MEM_*_BUF types..
adrian [Tue, 1 Jan 2002 16:47:46 +0000 (16:47 +0000)]
Add the kqueue support code - it's not very useful as it stands in
production because it's missing support for deferred reads and delay
pools, but it survives heavy polygraph pounding and interactive
testing.
Fix up some stupid automake-related brokenness that I introduced earlier
while I'm at it.