From: Amos Jeffries Date: Tue, 20 May 2014 16:43:22 +0000 (-0700) Subject: Fix segfault setting up server SSL connnection X-Git-Tag: SQUID_3_3_13~2 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=9eba1abd147bf823b683e755185596319a91fc09;p=thirdparty%2Fsquid.git Fix segfault setting up server SSL connnection --- diff --git a/src/forward.cc b/src/forward.cc index d3e634ec1c..a7df1d9843 100644 --- a/src/forward.cc +++ b/src/forward.cc @@ -726,7 +726,8 @@ FwdState::negotiateSSL(int fd) // For intercepted connections, set the host name to the server // certificate CN. Otherwise, we just hope that CONNECT is using // a user-entered address (a host name or a user-entered IP). - const bool isConnectRequest = !request->clientConnectionManager->port->spoof_client_ip && + const bool isConnectRequest = request->clientConnectionManager.valid() && + !request->clientConnectionManager->port->spoof_client_ip && !request->clientConnectionManager->port->intercepted; if (request->flags.sslPeek && !isConnectRequest) { if (X509 *srvX509 = errDetails->peerCert()) { @@ -823,7 +824,8 @@ FwdState::initiateSSL() // unless it was the CONNECT request with a user-typed address. const char *hostname = request->GetHost(); const bool hostnameIsIp = request->GetHostIsNumeric(); - const bool isConnectRequest = !request->clientConnectionManager->port->spoof_client_ip && + const bool isConnectRequest = request->clientConnectionManager.valid() && + !request->clientConnectionManager->port->spoof_client_ip && !request->clientConnectionManager->port->intercepted; if (!request->flags.sslPeek || isConnectRequest) SSL_set_ex_data(ssl, ssl_ex_index_server, (void*)hostname);