From: Amos Jeffries
Date: Fri, 25 Jul 2014 05:53:32 +0000 (-0700)
Subject: Various audit updates
X-Git-Tag: SQUID_3_5_0_1~75^2~20
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=3d74cb1f4590d7e4ed16dabb1da05e8e50c9f945;p=thirdparty%2Fsquid.git

Various audit updates
---
diff --git a/src/client_side.cc b/src/client_side.cc
index 3c171e7e86..ba587b692a 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -2949,7 +2949,7 @@ static const SBuf Proxy20magic("\x0D\x0A\x0D\x0A\x00\x0D\x0A\x51\x55\x49\x54\x0A
 * Version 1 and 2 header currently supported.
 */
 bool
-ConnStateData::findProxyProtocolMagic()
+ConnStateData::parseProxyProtocolHeader()
 {
 // http://www.haproxy.org/download/1.5/doc/proxy-protocol.txt
@@ -2967,6 +2967,9 @@ ConnStateData::findProxyProtocolMagic()
 return proxyProtocolError("PROXY protocol error: invalid header");
 }
+ // TODO: detect short non-magic prefixes earlier to avoid
+ // waiting for more data which may never come
+ // not enough bytes to parse yet.
 return false;
 }
@@ -3168,7 +3171,7 @@ ConnStateData::clientParseRequests()
 PROF_start(parseHttpRequest);
 // try to parse the PROXY protocol header magic bytes
- if (needProxyProtocolHeader_ && !findProxyProtocolMagic())
+ if (needProxyProtocolHeader_ && !parseProxyProtocolHeader())
 break;
 HttpParserInit(&parser_, in.buf.c_str(), in.buf.length());
@@ -3522,7 +3525,6 @@ ConnStateData::ConnStateData(const MasterXaction::Pointer &xact) :
 log_addr = xact->tcpClient->remote;
 log_addr.applyMask(Config.Addrs.client_netmask);
- // XXX: should do this in start(), but SSL/TLS operations begin before start() is called
 if (port->disable_pmtu_discovery != DISABLE_PMTU_OFF && (transparent() || port->disable_pmtu_discovery == DISABLE_PMTU_ALWAYS)) {
 #if defined(IP_MTU_DISCOVER) && defined(IP_PMTUDISC_DONT)
diff --git a/src/client_side.h b/src/client_side.h
index 6d34e45370..9310612924 100644
--- a/src/client_side.h
+++ b/src/client_side.h
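Review bot: The TODO added in the `@@ -2967,6 +2967,9 @@` hunk of src/client_side.cc leaves unstated what bounds the wait it describes, so the cost of a peer that sends a few bytes matching neither PROXY magic is not visible to the next reader. As written the function falls through to `return false`, and in the `clientParseRequests()` hunk the caller only `break`s, so such a connection presumably stays open until an idle or read timeout that is not shown here closes it. I would make the comment name that bound, e.g. `// TODO: reject as soon as the buffered bytes are not a prefix of either magic; until then such a connection is only closed by the read timeout`. The eventual fix is a prefix comparison of `in.buf` against both magic strings ahead of this point. The body of parseProxyProtocolHeader() starts and ends outside the hunk, so whether an earlier check already covers part of this cannot be confirmed from here.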
@@ -402,7 +402,7 @@ private:
 /* PROXY protocol functionality */
 bool proxyProtocolValidateClient();
- bool findProxyProtocolMagic();
+ bool parseProxyProtocolHeader();
 bool parseProxy10();
 bool parseProxy20();
 bool proxyProtocolError(const char *reason = NULL);