Bug 3935: Invalid pointer dereference when peeking at origin server certificate

We must check request->clientConnectionManager pointer for validity before
dereferencing it.

This is a Measurement Factory project

diff --git a/src/acl/Acl.h b/src/acl/Acl.h
index a4f4bee0000bdfb397388a500c7b63b1c418480c..94c317c58849afe5cfc75d82503a2b55aa3db4f9 100644 (file)
--- a/src/acl/Acl.h
+++ b/src/acl/Acl.h
@@ -135,7 +135,7 @@ public:
 
     char name[ACL_NAME_SZ];
     char *cfgline;
-    ACL *next;
+    ACL *next; // XXX: remove or at least use refcounting
     ACLFlags flags; ///< The list of given ACL flags
     bool registered; ///< added to Config.aclList and can be reused via by FindByName()
 
@@ -247,6 +247,7 @@ public:
 MEMPROXY_CLASS_INLINE(acl_proxy_auth_match_cache);
 
 /// \ingroup ACLAPI
+/// XXX: find a way to remove or at least use a refcounted ACL pointer
 extern const char *AclMatchedName;     /* NULL */
 
 #endif /* SQUID_ACL_H */

diff --git a/src/acl/InnerNode.h b/src/acl/InnerNode.h
index 6f3b14446b85fe6c4fb90ad1266336e4b378b250..bd20dd5d258d6525e3bccafd06bbe587be73c801 100644 (file)
--- a/src/acl/InnerNode.h
+++ b/src/acl/InnerNode.h
@@ -40,6 +40,7 @@ protected:
     /* ACL API */
     virtual int match(ACLChecklist *checklist);
 
+    // XXX: use refcounting instead of raw pointers
     std::vector<ACL*> nodes; ///< children nodes of this intermediate node
 };