From: Amos Jeffries <squid3@treenet.co.nz>
Date: Fri, 2 Oct 2009 08:11:13 +0000 (+1300)
Subject: Bug 2722: http_port accel combined with CONNECT has bizarre behaviour
X-Git-Tag: SQUID_3_0_STABLE20~16
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=64d40f3a340fd43631a6da09750fb49822f5549b;p=thirdparty%2Fsquid.git

Bug 2722: http_port accel combined with CONNECT has bizarre behaviour
---

diff --git a/src/client_side.cc b/src/client_side.cc
index dc0a3cc2ee..3f8cf77d82 100755
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1913,6 +1913,15 @@ parseHttpRequest(ConnStateData::Pointer & conn, HttpParser *hp, method_t * metho
     /* Set method_p */
     *method_p = HttpRequestMethod(&hp->buf[hp->m_start], &hp->buf[hp->m_end]);
 
+    /* deny CONNECT via accelerated ports */
+    if (*method_p == METHOD_CONNECT && conn && conn->port && conn->port->accel) {
+        debugs(33, DBG_IMPORTANT, "WARNING: CONNECT method received on " << conn->port->protocol << " Accelerator port " << conn->port->s.GetPort() );
+        /* XXX need a way to say "this many character length string" */
+        debugs(33, DBG_IMPORTANT, "WARNING: for request: " << hp->buf);
+        /* XXX need some way to set 405 status on the error reply */
+        return parseHttpRequestAbort(conn, "error:method-not-allowed");
+    }
+
     if (*method_p == METHOD_NONE) {
         /* AYJ: hp->buf is occasionally full of binary crap. Replace any non-printables with underscores.
                 Also crop the output at 100 chars, we should not need a whole binary streaming video to identify the issue