From: Dmitry Kurochkin <dmitry.kurochkin@measurement-factory.com>
Date: Wed, 17 Apr 2013 00:52:34 +0000 (+0400)
Subject: FTP gateway: fix segfault processReplyBody() when adaptation is enabled.
X-Git-Tag: SQUID_3_5_0_1~117^2~70
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=adaff1245c862df0fb2037d7f0f1b4cc250882d2;p=thirdparty%2Fsquid.git

FTP gateway: fix segfault processReplyBody() when adaptation is enabled.

If adaptation is enabled, processReplyBody() may be called before
maybeReadVirginBody() when data.readBuf is not yet initialized.
---

diff --git a/src/FtpGatewayServer.cc b/src/FtpGatewayServer.cc
index 5758eb8eec..d5d90be202 100644
--- a/src/FtpGatewayServer.cc
+++ b/src/FtpGatewayServer.cc
@@ -161,7 +161,8 @@ ServerStateData::processReplyBody()
 
 #endif
 
-    if (const int csize = data.readBuf->contentSize()) {
+    if (data.readBuf != NULL && data.readBuf->hasContent()) {
+        const mb_size_t csize = data.readBuf->contentSize();
         debugs(9, 5, HERE << "writing " << csize << " bytes to the reply");
         addVirginReplyBody(data.readBuf->content(), csize);
         data.readBuf->consume(csize);
diff --git a/src/FtpServer.cc b/src/FtpServer.cc
index bb51afbfc1..0f739dfbf6 100644
--- a/src/FtpServer.cc
+++ b/src/FtpServer.cc
@@ -148,6 +148,15 @@ ServerStateData::start()
     scheduleReadControlReply(0);
 }
 
+void
+ServerStateData::initReadBuf()
+{
+    if (data.readBuf == NULL) {
+        data.readBuf = new MemBuf;
+        data.readBuf->init(4096, SQUID_TCP_SO_RCVBUF);
+    }
+}
+
 /**
  * Close the FTP server connection(s). Used by serverComplete().
  */
@@ -569,10 +578,8 @@ ServerStateData::maybeReadVirginBody()
     if (data.read_pending)
         return;
 
-    if (data.readBuf == NULL) {
-        data.readBuf = new MemBuf;
-        data.readBuf->init(4096, SQUID_TCP_SO_RCVBUF);
-    }
+    initReadBuf();
+
     const int read_sz = replyBodySpace(*data.readBuf, 0);
 
     debugs(11,9, HERE << "FTP may read up to " << read_sz << " bytes");
diff --git a/src/FtpServer.h b/src/FtpServer.h
index 5e7f02d70e..c59aad432c 100644
--- a/src/FtpServer.h
+++ b/src/FtpServer.h
@@ -86,6 +86,7 @@ public:
 protected:
     virtual void start();
 
+    void initReadBuf();
     virtual void closeServer();
     virtual bool doneWithServer() const;
     virtual void failedErrorMessage(err_type error, int xerrno);
diff --git a/src/ftp.cc b/src/ftp.cc
index d2732badaf..c512bd8a3a 100644
--- a/src/ftp.cc
+++ b/src/ftp.cc
@@ -411,6 +411,8 @@ FtpStateData::FtpStateData(FwdState *fwdState): AsyncJob("FtpStateData"),
 
     if (request->method == Http::METHOD_PUT)
         flags.put = 1;
+
+    initReadBuf();
 }
 
 FtpStateData::~FtpStateData()