From: hno <> Date: Wed, 3 May 2000 03:21:05 +0000 (+0000) Subject: hno squid-2.3.STABLE1.http_reply_null_character.patch X-Git-Tag: SQUID_3_0_PRE1~1998 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=304d289eceac01c7cc5ab4fff1b1a405bf348cc0;p=thirdparty%2Fsquid.git hno squid-2.3.STABLE1.http_reply_null_character.patch Squid-2.3.STABLE1: Handle NULL characters in the server reply headers Squid failed to detect the end of the server's HTTP headers if the server wrongly responds with headers containing a NULL character. This could cause an abnormal amount of cache_mem to be used during the request. (the server in question was mp3 streaming, virtually unlimited in size) --- diff --git a/ChangeLog b/ChangeLog index 26ae7a0f2e..c73c8376ef 100644 --- a/ChangeLog +++ b/ChangeLog @@ -53,6 +53,8 @@ Changes to Squid-2.4.DEVEL3 (): - squid.conf.default now indicates if a directive isn't enabled in the installed binary, and what configure option to use for enabling it - Fixed a temporary memory leak on persistent POSTs + - Fixed a temporary memory leak when the server response headers + includes NULL characters Changes to Squid-2.4.DEVEL2 (): diff --git a/src/http.cc b/src/http.cc index b1ed674d74..95f8e32192 100644 --- a/src/http.cc +++ b/src/http.cc @@ -1,6 +1,6 @@ /* - * $Id: http.cc,v 1.358 2000/05/02 18:51:51 hno Exp $ + * $Id: http.cc,v 1.359 2000/05/02 21:21:08 hno Exp $ * * DEBUG: section 11 Hypertext Transfer Protocol (HTTP) * AUTHOR: Harvest Derived 
@@ -327,10 +327,12 @@ httpProcessReplyHeader(HttpStateData * httpState, const char *buf, int size)
 if (httpState->reply_hdr == NULL)
 httpState->reply_hdr = memAllocate(MEM_8K_BUF);
 assert(httpState->reply_hdr_state == 0);
- hdr_len = strlen(httpState->reply_hdr);
+ hdr_len = httpState->reply_hdr_size;
 room = 8191 - hdr_len;
- strncat(httpState->reply_hdr, buf, room < size ? room : size);
+ memcpy(httpState->reply_hdr + hdr_len, buf, room < size ? room : size);
 hdr_len += room < size ? room : size;
+ httpState->reply_hdr[hdr_len] = '\0';
+ httpState->reply_hdr_size = hdr_len;
 if (hdr_len > 4 && strncmp(httpState->reply_hdr, "HTTP/", 5)) {
 debug(11, 3) ("httpProcessReplyHeader: Non-HTTP-compliant header: '%s'\n", httpState->reply_hdr);
 httpState->reply_hdr_state += 2;
@@ -340,9 +342,17 @@ httpProcessReplyHeader(HttpStateData * httpState, const char *buf, int size)
 t = httpState->reply_hdr + hdr_len;
 /* headers can be incomplete only if object still arriving */
 if (!httpState->eof) {
- size_t k = headersEnd(httpState->reply_hdr, 8192);
- if (0 == k)
- return; /* headers not complete */
+ size_t k = headersEnd(httpState->reply_hdr, hdr_len);
+ if (0 == k) {
+ if (hdr_len >= 8191 || room == 0) {
+ debug(11, 3) ("httpProcessReplyHeader: Too large HTTP header: '%s'\n", httpState->reply_hdr);
+ httpState->reply_hdr_state += 2;
+ reply->sline.status = HTTP_INVALID_HEADER;
+ return;
+ } else {
+ return; /* headers not complete */
+ }
+ }
 t = httpState->reply_hdr + k;
 }
 *t = '\0';
diff --git a/src/structs.h b/src/structs.h
index da498ad748..76debdfecd 100644
--- a/src/structs.h
+++ b/src/structs.h
@@ -1,6 +1,6 @@
 /*
- * $Id: structs.h,v 1.326 2000/05/02 21:04:01 hno Exp $
+ * $Id: structs.h,v 1.327 2000/05/02 21:21:09 hno Exp $
 *
 *
 * SQUID Internet Object Cache http://squid.nlanr.net/Squid/
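Review bot: The offset for the new `memcpy` in the `@@ -327` hunk comes from `httpState->reply_hdr_size`, but the `reply_hdr == NULL` branch allocates a fresh 8K buffer without resetting that counter, so a stale or uninitialised value would place the copy at the wrong offset or beyond the buffer. Resetting it where the buffer is created keeps the invariant local: `if (httpState->reply_hdr == NULL) { httpState->reply_hdr = memAllocate(MEM_8K_BUF); httpState->reply_hdr_size = 0; }`; whether HttpStateData is zero-filled on allocation is not visible in this diff. Unlike `strncat`, `memcpy` does not stop at a terminator, so the count `room < size ? room : size` is worth computing once into a local and asserting non-negative, since `size` is an `int` and the declarations of `room` and `hdr_len` are outside the hunk. The function body starts and ends outside the hunk.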
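Review bot: In the `@@ -340` hunk a header block that contains a NUL byte is still accepted once `headersEnd()` finds the terminator: `*t = '\0'` only cuts the buffer at `k`, and any later parsing that treats `reply_hdr` as a C string (that code is outside the hunk) would presumably see only the fields before the first NUL. Since the commit message already calls such a reply wrong, consider rejecting it the way the new too-large branch does, with a check like `if (memchr(httpState->reply_hdr, '\0', k) != NULL)` that sets `reply->sline.status = HTTP_INVALID_HEADER` once `k` is known; scanning only the first `k` bytes avoids flagging body data that may have arrived in the same read. The literal `8191` now appears in both hunks of this function and would be clearer as a named constant tied to the MEM_8K_BUF size.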
@@ -778,6 +778,7 @@ struct _HttpStateData {
 StoreEntry *entry;
 request_t *request;
 char *reply_hdr;
+ size_t reply_hdr_size;
 int reply_hdr_state;
 peer *peer; /* peer request made to */
 int eof; /* reached end-of-object? */
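Review bot: The new member `reply_hdr_size` is undocumented, and its name can be read as the buffer's capacity rather than the number of bytes stored so far, which is how the http.cc hunks use it. A trailing comment in the style of `peer` and `eof` below would settle it: `size_t reply_hdr_size; /* bytes stored in reply_hdr, not counting the terminating NUL */`. It is also a `size_t` that http.cc copies into `hdr_len` and subtracts from `8191`; the types of `hdr_len` and `room` are not visible here, so the signed/unsigned mix in `room < size` is worth confirming. The struct definition starts and ends outside the hunk.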