FTP gateway: fix segfault processReplyBody() when adaptation is enabled.

If adaptation is enabled, processReplyBody() may be called before
maybeReadVirginBody() when data.readBuf is not yet initialized.

diff --git a/src/FtpGatewayServer.cc b/src/FtpGatewayServer.cc
index 5758eb8eecb82bf67538f5393b08bcda90d52dff..d5d90be2023ff29c7bfb2f98d30c0cd8b31782b7 100644 (file)
--- a/src/FtpGatewayServer.cc
+++ b/src/FtpGatewayServer.cc
@@ -161,7 +161,8 @@ ServerStateData::processReplyBody()
 
 #endif
 
-    if (const int csize = data.readBuf->contentSize()) {
+    if (data.readBuf != NULL && data.readBuf->hasContent()) {
+        const mb_size_t csize = data.readBuf->contentSize();
         debugs(9, 5, HERE << "writing " << csize << " bytes to the reply");
         addVirginReplyBody(data.readBuf->content(), csize);
         data.readBuf->consume(csize);

diff --git a/src/FtpServer.cc b/src/FtpServer.cc
index bb51afbfc1909e5c1e7075c274f14d6b0690828c..0f739dfbf6994232dd8eb3b82d333768e34d6d41 100644 (file)
--- a/src/FtpServer.cc
+++ b/src/FtpServer.cc
@@ -148,6 +148,15 @@ ServerStateData::start()
     scheduleReadControlReply(0);
 }
 
+void
+ServerStateData::initReadBuf()
+{
+    if (data.readBuf == NULL) {
+        data.readBuf = new MemBuf;
+        data.readBuf->init(4096, SQUID_TCP_SO_RCVBUF);
+    }
+}
+
 /**
  * Close the FTP server connection(s). Used by serverComplete().
  */
@@ -569,10 +578,8 @@ ServerStateData::maybeReadVirginBody()
     if (data.read_pending)
         return;
 
-    if (data.readBuf == NULL) {
-        data.readBuf = new MemBuf;
-        data.readBuf->init(4096, SQUID_TCP_SO_RCVBUF);
-    }
+    initReadBuf();
+
     const int read_sz = replyBodySpace(*data.readBuf, 0);
 
     debugs(11,9, HERE << "FTP may read up to " << read_sz << " bytes");

diff --git a/src/FtpServer.h b/src/FtpServer.h
index 5e7f02d70e5ee1b9641bbb2490db09a88b9c1155..c59aad432c3e3dfa76c391dc3762851428729433 100644 (file)
--- a/src/FtpServer.h
+++ b/src/FtpServer.h
@@ -86,6 +86,7 @@ public:
 protected:
     virtual void start();
 
+    void initReadBuf();
     virtual void closeServer();
     virtual bool doneWithServer() const;
     virtual void failedErrorMessage(err_type error, int xerrno);

diff --git a/src/ftp.cc b/src/ftp.cc
index d2732badaf9860bf51091a034c51d9581f047055..c512bd8a3ada7d77056b665921ea255a1ac0fe50 100644 (file)
--- a/src/ftp.cc
+++ b/src/ftp.cc
@@ -411,6 +411,8 @@ FtpStateData::FtpStateData(FwdState *fwdState): AsyncJob("FtpStateData"),
 
     if (request->method == Http::METHOD_PUT)
         flags.put = 1;
+
+    initReadBuf();
 }
 
 FtpStateData::~FtpStateData()