There seems to be a race condition which may leave small objects (<4KB) in an
inconsistent internal state where Squid thinks the object is kept in memory
but part of it has been freed.
hno [Thu, 30 Aug 2007 19:50:24 +0000 (19:50 +0000)]
Bug #2058: deny_info TCP_RESET crashes squid
There was a race condition in request processing, easily triggered by using
deny_info TCP_RESET and denying access. It's very likely the problem could
also be triggered by other conditions where Squid very quickly closes the
client connection.
Was caused by a misplaced isClosed() condition. Moved this down to after the
request processing where it belongs.
This patch also adds some safeguards to make further request processing stop and
avoid risking referencing the fd as valid after close.
Additionally connStateFree was renamed to the more appropriate connStateClosed
as all it does is to make the connState aware that the underlying fd has been
closed.
hno [Thu, 30 Aug 2007 19:15:13 +0000 (19:15 +0000)]
Bug #2028: Segmentation fault on http_reply_access deny
http_reply_access deny triggered an infinite recursion, eventually ending
up in a segmentation fault.
This patch builds on the previous patch to also exclude http_reply_access
deny error responses from further http_reply_access processing.
Note: When a request is denied by http_reply_access the internal client is
reset to attach it to the error page instead, making http_reply_access be
invoked again on the error.
hno [Thu, 30 Aug 2007 19:03:42 +0000 (19:03 +0000)]
Bug #2028: FATAL error if using http_reply_access in combination with authentication
The attached patch bypasses http_reply_access on access denied messages
generated by this Squid, and also optimizes processing slightly in the
common case of not using any http_reply_access rules at all.
hno [Thu, 30 Aug 2007 04:58:26 +0000 (04:58 +0000)]
Kill the test referring to get_epoll-lib.sh, it's not needed.
Test was broken, and
a) Only triggers if the undocumented --enable-epoll option is used
b) The script isn't even distributed with Squid-3, only Squid-2.
c) I think it's fair to let admins insisting on using epoll on a system not
built with epoll support have to do a bit of homework.
hno [Wed, 29 Aug 2007 04:35:29 +0000 (04:35 +0000)]
Bug #2057: NTLM stop work in messengers after upgrade to squid 2.6 stable 14
There are clients out there who only signal keep-alive during the NTLM
handshake, not on the final request. For example seen on CONNECT requests.
This patch makes Squid automatically fall back on Basic/Digest if NTLM
or Negotiate authentication can not be performed. Detected by seeing a
challenge from the helper on a non-persistent connection.
amosjeffries [Sun, 26 Aug 2007 08:32:52 +0000 (08:32 +0000)]
Add --with-default-user=USER option to squid.
This option allows configure-time control of the default user which squid
uses to run as low-privileges. The default remains 'nobody' as in other
squid releases. Similarly the cache_effective_user squid.conf setting will
override any default set here.
hno [Fri, 24 Aug 2007 23:56:45 +0000 (23:56 +0000)]
Make tcp_recv_bufsize apply to send buffers as well, in an attempt to control window scaling
The main reason to set tcp_recv_bufsize is to avoid problems related to large
windows. For example many firewalls still have problems with window scaling.
This change makes the option apply to send buffers as well, and also hints
Linux that Squid will never increase the buffer so the window scaling should
be clamped to the indicated buffer size.
serassio [Wed, 15 Aug 2007 01:17:43 +0000 (01:17 +0000)]
Fix build errors on HP Tru64 Unix and maybe others
- xusleep.c: on Tru64 timeval is defined in sys/time.h
- move the definition of ISO C99 Standard printf() macros for 64 bit
integers from squid.h to squid_types.h
rousskov [Mon, 13 Aug 2007 22:48:20 +0000 (22:48 +0000)]
Bug #2016 fix: Prevent BodyPipe async calls from getting seemingly
out of order and causing truncated responses, especially with ICAP.
When BodyPipe consumer is gone, all async calls for that consumer must not
reach the next consumer (if any). Similarly, we should not schedule async calls
when no consumer has been registered yet.
Otherwise, the calls may go out of order if _some_ calls are dropped due to
the ultimate destination being temporarily NULL. The new code does not schedule
async calls until consumer is registered. The new code also keeps track of the
number of outstanding events and skips that number if the consumer leaves.
TODO: when AsyncCall support is improved, should we just schedule calls
directly to consumer? It could be a much cleaner solution than counting
pending calls and skipping them when needed.
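
The counting-and-skipping scheme described in the Bug #2016 entry above, as an added C++ example that is not Squid's code. `Pipe`, `Consumer`, `schedule`, `fireOne` and the string notes are hypothetical names, and a FIFO deque stands in for the async-call queue.

```cpp
#include <deque>
#include <iostream>
#include <string>
#include <utility>
#include <vector>

// Hypothetical stand-in for a body consumer; not Squid's class.
struct Consumer { std::vector<std::string> seen; };
// Toy pipe; `calls` stands in for the FIFO async-call queue.
class Pipe {
    Consumer *consumer = nullptr;
    std::deque<std::string> calls;  // scheduled, not yet fired
    int pending = 0;                // queued calls for the current consumer
    int toSkip = 0;                 // queued calls whose consumer has left
public:
    void setConsumer(Consumer *c) { consumer = c; }
    // Consumer leaves: every call still queued was meant for it.
    void clearConsumer() { consumer = nullptr; toSkip += pending; pending = 0; }
    // Nothing is scheduled until a consumer is registered.
    bool schedule(const std::string &note) {
        if (!consumer) return false;
        calls.push_back(note); ++pending;
        return true;
    }
    // The event loop fires the oldest queued call.
    void fireOne() {
        if (calls.empty()) return;
        std::string note = calls.front(); calls.pop_front();
        if (toSkip > 0) { --toSkip; return; }  // stale call: drop it
        --pending;
        if (consumer) consumer->seen.push_back(note);
    }
};

// Constructed scenario: A leaves with one call still queued, then B registers.
std::pair<Consumer, Consumer> runScenario() {
    Consumer a, b; Pipe p;
    p.schedule("early");                 // refused: no consumer yet
    p.setConsumer(&a);
    p.schedule("a1"); p.schedule("a2");
    p.fireOne();                         // A receives a1
    p.clearConsumer();                   // a2 is still queued
    p.setConsumer(&b); p.schedule("b1");
    p.fireOne(); p.fireOne();            // a2 is skipped, then B receives b1
    return {a, b};
}

int main() { auto r = runScenario(); std::cout << r.second.seen[0] << "\n"; }
```

Without the `toSkip` counter, the queued "a2" call would be delivered to B ahead of "b1".
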
amosjeffries [Mon, 13 Aug 2007 05:57:28 +0000 (05:57 +0000)]
Fix bug 1560 : Bad filedescriptor in ftpSend actions.
This was caused by some FTP operations failing and calling the ftpFail
properly, but then going on to call an ftpSend.
It may also occur when a ftpSend event is scheduled prior to the server
control channel dying or being closed.
This patch adds a function haveControlChannel(const char *caller_name)
which displays a debug notice at level 3 and returns false if the server
control channels are not available. This is now called by each Sending
operation before it begins.
serassio [Sat, 11 Aug 2007 19:27:27 +0000 (19:27 +0000)]
Windows port: workaround for fatal build error using latest MinGW
Using the latest MinGW (gcc 3.4.5 + mingw-runtime 3.13) we cannot build with
-Wmissing-prototypes -Wmissing-declarations gcc options due to some heavy
tricks contained in own MinGW include files.