Amos Jeffries [Thu, 16 Oct 2014 18:39:55 +0000 (11:39 -0700)]
CBDATA: log memory leak situations when --enable-debug-cbdata
CBDATA objects are supposed to be explicitly locked and unlocked by all
users. The nominal 'owner' of the data is also supposed to mark it as
invalid when unlocking its reference.
If a CBDATA object reaches 0 locks and is still valid, it therefore
follows that either the locking or invalidate has not been properly
implemented.
Now that we are migrating to CbcPointer usage instead of explicit
lock/unlock macro calls we have started encountering these situations.
Any object reporting a 'leak' must be investigated;
a) perhapse RefCount is better?
b) using CbcPointer consistently and invalidating correctly.
Amos Jeffries [Thu, 9 Oct 2014 11:53:28 +0000 (04:53 -0700)]
Bug 4088: memory leak in external_acl_type helper with cache=0 or ttl=0
ExternalACLEntry / external_acl_entry objects have been abusing the
CBDATA API for reference counting and since 3.4 this has resulted in
hidden memory leaks as object accounting shows all locks released but
the memory is not freed by any 'owner'.
* convert to using RefCount<> API.
* move ExternalACLEntry pre-define to acl/forward.h
* add ExternalACLEntryPointer in acl/forward.h
* convert LookupDone() method to using explicit typed pointer
* convert from CBDATA_CLASS to MEMPROXY_CLASS memory management.
* convert almost all raw ExternalACLEntry* to Pointer
- remaining usage is in the cache hash pointers. Use an explicit 'cachd'
lock/unlock until this hash is updated to std:: structure types.
Alex Rousskov [Tue, 26 Aug 2014 16:22:01 +0000 (09:22 -0700)]
Use v3 for fake certificate if we add _any_ certificate extension.
We used to force v3 version only when adding the subjectAltName extension.
That broke sites that did not have subjectAltName but used other mimicked x509
extensions, when accessed through Firefox 31 (at least):
https://bugzilla.mozilla.org/show_bug.cgi?id=1045973
Fix %USER_CA_CERT_* and %CA_CERT_ external_acl formating codes
* The attribute part of the %USER_CA_CERT_xx and %CA_CERT_xx formating codes
is not parsed correctly, make these formating codes useless.
* The %USER_CA_CERT_xx documented wrongly
Joe Crayne [Sun, 13 Jul 2014 03:15:01 +0000 (21:15 -0600)]
Bug 3966: Add KeyEncipherment when ssl-bump substitues RSA for EC.
Libnss3, which is used by Firefox to verify the certificate chain, has
different requirements for RSA keys than it does for EC keys. In particular,
RSA keys with the keyUsage extension, must set the KeyEncipherment flag.
This fix was brought to you by the Samizdat project.
http://samizdat.childrenofmay.org
Non https connectiona on SSL-bump enabled port may stuck
This is can be seen on skype when try to connect to server using an
SSL-bump enabled squid port. Squid try to bump the connection, waiting
for ever
the ssl protocol header, and skype client waits for ever an answer from
the
server.
This patch sets the timeout to Config.Timeout.request (request_timeout)
Alex Rousskov [Sat, 21 Jun 2014 04:22:39 +0000 (22:22 -0600)]
Do not leak implicit ACLs during reconfigure.
Many ACLs implicitly created by Squid when grouping multiple ACLs were
not
destroyed because those implicit ACLs where not covered by the global
ACL
registry used for ACL destruction.
See also: r13210 which did not go far enough because it incorrectly
assumed
that all InnerNode() children are aclRegister()ed and, hence, will be
centrally freed.
Also, do not use cbdataFree() on non-POD Acl::Tree objects that have
destructors.
Amos Jeffries [Sat, 21 Jun 2014 04:19:58 +0000 (22:19 -0600)]
Portability: use 64-bit for X-Cache-Age header
While the value is expected to be well within 32-bit range some OS
(OpenBSD 5.5 at least) use 64-bit time_t. Use the larger type size for
calculations which also removes 32-bit wrap errors, and cast for older
systems.
Amos Jeffries [Sat, 21 Jun 2014 04:19:19 +0000 (22:19 -0600)]
Windows: fix various libip build issues
* Missing include ws2tcpip.h for IPv6 definitions
* Alternative IN6_ARE_ADDR_EQUAL definition required
* 'byte' is a reserved / system defined type on Windows,
resolve variable shadowing by renaming to ipbyte.
Alex Rousskov [Tue, 3 Jun 2014 07:12:54 +0000 (01:12 -0600)]
Do not leak ex_data for SSL state that survived reconfigure.
SSL_get_ex_new_index() allocates a new index on every call, even if its
parameters remain unchanged. It should be called once per process
lifetime.
Besides leaking, this 12 year-old(!) bug could probably make some SSL
code misbehave during reconfigure because reconfigure would change the
supposedly constant ex_data indexes.
Alex Rousskov [Tue, 3 Jun 2014 07:10:53 +0000 (01:10 -0600)]
Do not register the same Cache Manager action more than once
... to avoid wrong mgr:menu output and the impression of a reconfigure
memory leak.
The old code was comparing action object pointers, which could not work,
and was adding the same action on every reconfigure call for modules that
register with Cache Manager during [re]configuration.
We already have a working method for finding registered actions. Use it.
Currently note values printed with "%note" formating code, which contain non
alphanumeric characters, were quoted and quotes were then escaped, resulting
in bizarre logged rendition of empty or simple values (often received from
various helpers):
%22-%22
%22Default_Google%22
%22pg13,US%22
This patch:
- does not use quotes to print annotations
- allow system admin to define a separator to use for logged
annotations. The %note logformat accepts the following argument:
[name][:separator]
The separator can be one of the ',' ';' or ':'.
By default, multiple note values are separated with "," and multiple
notes are separated with "\r\n". When logging named notes with
%{name}note, the explicitly configured separator is used between note
values. When logging all notes with %note, the explicitly configured
separator is used between individual notes. There is currently no way to
specify both value and notes separators when logging all notes with %note.
- makes the Format::Token::data a struct (now is a union) and initialize
Format::Token::data data members in Format::Token::Token constructor.
Amos Jeffries [Fri, 2 May 2014 07:49:18 +0000 (00:49 -0700)]
Resolve 'dying from an unhandled exception: c'
CbcPointer<> is used from code outside of Job protection where it is
safe to use Must(). In order to get a useful backtrace we need to assert
immediately at the point of failure. Particularly necessary since these
are in generic operators used "everywhere" in the code.
Anatoli [Fri, 2 May 2014 07:47:32 +0000 (00:47 -0700)]
Fix order dependency between cache_dir and maximum_object_size
parse_cachedir() has a call to update_maxobjsize() which limits the
store_maxobjsize variable used as the internal maximum_object_size
variable of the store data structure) to the value of maximum_object_size
defined at the moment of execution of this function, for all stores (all
store directories). So if parse for cache_dir is called before
maximum_object_size, we get the effect of the default 4 MB.
BUT, when we get to parse maximum_object_size line(s) after the last
cache_dir, the maximum_object_size option is processed and only shown on
the cachemgr config page without having updated store_maxobjsize.
This is may cause problems in some cases where the code assume that the MemBuf
is always NULL terminated. For example when an ErrorState object try to use
an empty errorpage template.
This patch terminates the (empty) MemBuf on MemBuf::init method.
C++11: Upgrade auto-detection to use the formal -std=c++11
When the latest compilers added support for -std=c++11 they also dropped
the temporary -std=c++0x option without backward-compatible support. So
for the newest compilers we have not been testing the C++11 code.
As a result of this change Squid will no longer attempt to enable the
partial support in older compilers with -std=c++0x.
Also, update the compiler option test macro from autoconf project.
This patch fixes the following bug:
1) A user sends a CONNECT request with valid credentials
2) Squid checks the credentials and adds the user to the user cache
3) The same user sends a CONNECT request with invalid credentials
4) Squid overwrites the entry in the user cache and denies the second
CONNECT request
5) The user sends a GET request on the first SSL connection which is
established by now
6) Squid knows that it does not need to check the credentials on the
bumped connection but still somehow checks again whether the user is
successfully authenticated
7) Due to the second CONNECT request the user is regarded as not
successfully authenticated
8) Squid denies the GET request of the first SSL connection with 403
ERR_CACHE_ACCESS_DENIED
On proxies with Basic authentication and SSL bumping, this can be used
to prevent a legitimate user from making any HTTPS requests
Alex Rousskov [Sun, 9 Mar 2014 01:48:00 +0000 (18:48 -0700)]
Avoid assertions on Range requests that trigger Squid-generated errors.
Added HttpRequest::ignoreRange() to encapsulate range ignoring logic.
Currently the new method only contains the code common among all callers. More
work is needed to check whether further caller homogenization is possible.
Documented that ClientSocketContext::getNextRangeOffset() may sometimes be
called before it is ready to do its job.
Amos Jeffries [Sun, 9 Mar 2014 01:47:23 +0000 (18:47 -0700)]
Protect MemBlob::append() against raw-space writes
There is no guarantee that the 'unused' area of MemBlob is actually
unused. For example if a read buffer was being filled into the
rawSpace() of a SBuf or MemBlob it will overlap with this empty area
until a read call updates the related size state in MemBlob/SBuf.
For these cases we must use memmove() which guarantees no buffer
corruption will take place on memory overlaps.
Amos Jeffries [Sun, 9 Mar 2014 01:45:37 +0000 (18:45 -0700)]
Copyright: Relicense helpers by Treehouse Networks Ltd.
Update the license on helper code designed and authored by myself using
the BSD 2-clause license. This makes the example helper code and license
more legally acceptible for use as a basis of proprietary helpers while
remaining compatible with GPL for distribution with Squid.
Amos Jeffries [Sun, 9 Mar 2014 01:44:07 +0000 (18:44 -0700)]
Portability: define CMSG related structures individually
Some OS provide the CMSG related definitions and others only partially
define them. Sometimes (Windows particularly) this varies between build
environments.
Checking for each symbol separately and providing only those needed
avoids problems we have been having with missing or redefined symbols
on Windows and elsewhere.
Amos Jeffries [Wed, 5 Mar 2014 02:50:43 +0000 (19:50 -0700)]
Fix helper ID number assignment
Since helpers are now dynamically started the old method of allocating
an ID number based on the current start sequence can result in many
helpers being assigned overlapping ID numbers.
Use InstanceID template instead to assure a unique incremental ID is
assigned to each helper no matter when it is started.
1) The dynamic_cert_mem_cache_size does not change on reconfigure
2) When dynamic_cert_mem_cache_size of http_port set to 0 then:
a) The dynamic certs cache is grow unlimited.
This patch just disables certificates caching when this option set to 0.
b) Huge amount of memory appeared as free cache memory in "Cached ssl
certificates statistic" page of cache manager.
This problem caused because of a signed to unsigned int conversion.
Amos Jeffries [Tue, 18 Feb 2014 08:46:49 +0000 (01:46 -0700)]
Bug 4001: remove use of strsep()
The strsep() function is not defined by POSIX. Additionally
auto-tools has been having some obscure issues detecting
or linking the provided implementation into libcompat on
Windows and Solaris respectively. Which are the two known
OS requiring it.
Investigation of its use in Squid revealed that it can be
replaced with strcspan() which is both portable and more
efficient since it also removes the need for several
strdup()/free() operations used to protect Squid from
strsep() memory fiddling.
Amos Jeffries [Tue, 18 Feb 2014 08:43:02 +0000 (01:43 -0700)]
Move compat/unsafe.h protections from libcompat to source maintenance
It is sufficient to run a code scan from source-maintenance.sh for the
unsafe functions being used in Squid-specific code instead of
hard-coding compiler breakage on users.
This also "fixes" reporting of errors when cstdio pulls in use of the
unsafe functions by stdlib.
Bug 3969: user credentials cache lookup for Digest authentication broken
Changes to the username credentials cache were made in Basic auth but
the matching changes were not duplicated to Digest auth. Since the
lookup is identical move it to generic Auth::Config.
Amos Jeffries [Sun, 2 Feb 2014 02:47:38 +0000 (19:47 -0700)]
Fix peerSelectDnsResults() IP address cycling
The local ip variable is the index of the IP address to be used.
Loop counter n is only used to prevent cycling indefinitely and should
not be used to access the array indexes.
Patch written by 'dim [1]' contributor to FreeBSD and imported to Squid
under FreeBSD license. see
http://svnweb.freebsd.org/ports/head/www/squid33/files/patch-include__Array.h
When running Squid in SMP mode, the 'client_list' command cannot be used as the
coordinator doesn't call clientdbInit(), and thus doesn't have the client_list
action registered.
This patch uses RegisteredRunner to initialize clientdb and register the
'client_list' command
projects / thirdparty / squid.git / log
