From: Amos Jeffries <squid3@treenet.co.nz>
Date: Tue, 20 May 2014 16:40:06 +0000 (-0700)
Subject: Fix segfault setting up server SSL connnection
X-Git-Tag: SQUID_3_4_6~17
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1416d9d04ad016258085bd0ee8de81f9456b8f47;p=thirdparty%2Fsquid.git

Fix segfault setting up server SSL connnection
---

diff --git a/src/FwdState.cc b/src/FwdState.cc
index 6c65b3b368..9d793fa261 100644
--- a/src/FwdState.cc
+++ b/src/FwdState.cc
@@ -718,7 +718,8 @@ FwdState::negotiateSSL(int fd)
             // For intercepted connections, set the host name to the server
             // certificate CN. Otherwise, we just hope that CONNECT is using
             // a user-entered address (a host name or a user-entered IP).
-            const bool isConnectRequest = !request->clientConnectionManager->port->flags.isIntercepted();
+            const bool isConnectRequest = request->clientConnectionManager.valid() &&
+                                          !request->clientConnectionManager->port->flags.isIntercepted();
             if (request->flags.sslPeek && !isConnectRequest) {
                 if (X509 *srvX509 = errDetails->peerCert()) {
                     if (const char *name = Ssl::CommonHostName(srvX509)) {
@@ -964,7 +965,8 @@ FwdState::initiateSSL()
         // unless it was the CONNECT request with a user-typed address.
         const char *hostname = request->GetHost();
         const bool hostnameIsIp = request->GetHostIsNumeric();
-        const bool isConnectRequest = !request->clientConnectionManager->port->flags.isIntercepted();
+        const bool isConnectRequest = request->clientConnectionManager.valid() &&
+                                      !request->clientConnectionManager->port->flags.isIntercepted();
         if (!request->flags.sslPeek || isConnectRequest)
             SSL_set_ex_data(ssl, ssl_ex_index_server, (void*)hostname);