There are cases where the generated certificates do not mimic enough
properties
and secure connection with the client fails. For example, Squid does not
mimic
Key Usage extensions. Clients using GnuTLS (or similar libraries that
validate
server certificate using those extensions) fail to secure the connection
with
Squid.
This patch add mimicking for the following extensions, which are
considered
as safe to mimic:
* X509v3 Key Usage
* X509v3 Extended Key Usage,
* X509v3 Basic Constraints CA.
We would be happy to add more "safe to mimic" extensions if users
request (and
vouch for) them.
Tianyin Xu [Mon, 28 Jan 2013 04:15:03 +0000 (21:15 -0700)]
Polish squid.conf parsing validation
* Updates ato*() functiosn to safer xato*() alternatives provided by
the Squid compat library. Along with error messages on invalid
configuration values detected by these.
* Add protection against integer overflow on most options
* Add parse deprecation messages on enable/disable for boolean and
and trilean options.
* Add 'wrong-value' error messages on most options.
Alex Rousskov [Mon, 28 Jan 2013 04:13:51 +0000 (21:13 -0700)]
Bug 3111: Mid-term fix for the forward.cc "err" assertion.
The assert is triggered when a close handler for the server connection
destroys FwdState before we have received anything from the origin
server.
Instead of asserting, we now respond with a 502 (Bad Gateway)
ERR_READ_ERROR.
That error seems the most appropriate single choice among available
ones, but
it may be misleading (in access.log) when the close handler was called
due to
client problems. Hopefully, another error will be logged in most of
those
cases.
Propagate pinned connection persistency and closures to the client.
Squid was trying hard to forward a request after pinned connection
failures
because some of those failures were benign pconn races. That meant
re-pinning
failed connections. After a few iterations to correctly handle
non-idempotent
requests, the code appeared to work, but the final design, with all the
added
complexity and related dangers was deemed inferior to the approach we
use now.
Squid now simply propagates connection closures (including pconn races)
to the
client. It is now the client responsibility not to send non-idempotent
requests
on idle persistent connections and to recover from pconn races.
Squid also propagates HTTP connection persistency indicators from client
to
server and back, to make client job feasible. Squid will send
Connection:close
and will close the client connection if the pinned server says so, even
if
Squid could still maintain a persistent connection with the client.
These changes are not mean to affect regular (not pinned) transactions.
In access.log, one can detect requests that were not responded to (due
to race
conditions on pinned connections) by searching for ERR_ZERO_SIZE_OBJECT
%err_code with TCP_MISS/000 status and zero response bytes.
Amos Jeffries [Mon, 28 Jan 2013 04:07:58 +0000 (21:07 -0700)]
squidpurge: display friendly errors on missing command line options
Currently the tool will crash with a segmentation fault if any one of
several command switches which are expected to have a mandatory argument
are in fact followed by nothing.
Detect these cases and display a message about what is missing.
Amos Jeffries [Tue, 22 Jan 2013 11:08:52 +0000 (04:08 -0700)]
Bug 3732: Fix ConnOpener IPv6 awareness
When updating IPv6 support for split-stack one USE_IPV6 wrapper was
omitted conversion to the EnabledIpv6 stack auto-detect mechanism.
This resulted in IPv6 addresses being mis-converted on split-stack
systems or with IPv6 disabled in the kernel and --enable-ipv6 built.
The visible symptom is "assert(FALSE)" in Ip::Address::GetAddrInfo().
Amos Jeffries [Tue, 22 Jan 2013 11:07:36 +0000 (04:07 -0700)]
Initialize mem_node fully
Experience in squid-2.7 shows that with MemPools use of malloc instead
of calloc mem_node requires full initialization in order to get accurate
memory accounting.
Alex Rousskov [Tue, 22 Jan 2013 11:06:18 +0000 (04:06 -0700)]
Fix "address.GetPort() != 0" assertion for helpers on FreeBSD (at least).
The order (or set of?) #include files used by src/ssl/helper.cc (and
probably by other helper source files) has changed recently, exposing a
defines.h dependency on sys/socket.h where that system header is
required to define AF_UNIX. With AF_UNIX incorrectly undefined,
IPC_STREAM was set to IPC_TCP_SOCKET instead of IPC_UNIX_STREAM, and
helpers that do not have a notion of a listening port, were trying to
create communication sockets using TCP streams, triggering a "must have
a port" assertion in comm_connect_addr() called from ipcCreate().
TODO: Moving IPC_* defines into an IPC-specific header file may be a
better solution then exposing all defines.h users to sys/socket.h.
Amos Jeffries [Tue, 22 Jan 2013 04:39:33 +0000 (21:39 -0700)]
WCCP: Fix memory leak in mask assignment, improve debuggsing.
* Release temporary weight array allocated on each HERE_I_AM packet sent
by Squid. For mask assignment these were not released properly and may
build up to a significant size of memory over time.
* Add debug traces to send() events to report failures sending packets
* Also, on HERE_I_AM event send() failure, reduce the timeout to 2sec
for the retry in a crude attempt to prevent router state flapping.
* Silence compiler warnings on use of connect() to disconnect a socket.
Inconsistent OS behaviour makes the result useless in this case.
Amos Jeffries [Wed, 9 Jan 2013 00:19:44 +0000 (17:19 -0700)]
Fix memory leaks in ICMP
InitAddrInfo() and GetAddrInfo() both allocate addrinfo structs which
must be freed by FreeAddrInfo(). Several places in ICMP were not doing
that free step.
Detected by Coverity Scan. Issues 740434, 740435, 740436, 740437.
Amos Jeffries [Wed, 9 Jan 2013 00:12:02 +0000 (17:12 -0700)]
Bug 3731: TOS setsockopt() requires int value
FreeBSD is confirmed errors on 8-bit variable size. Other BSD are
documented in a way that implies they do as well, although not at this
stage confirmed to be failing.
Linux seems to be the only confirmed system working with 8-bit size sent
to setsockopt(). So we revert this to 'int' (32-bit or 64-bit) as was
working in Squid 3.1.
Address issues for the defect classes:
- Array compared against 0
- Copy into fixed size buffer
- Dereference after null check
- Dereference before null check
Amos Jeffries [Wed, 2 Jan 2013 04:07:07 +0000 (21:07 -0700)]
Fix various issues in unit tests
* Define MemObject stub constructor to initialize teh stub object properly
apparently store unit tests needs one defined. Best to make it work and
set base values than leave garbage in the object fields.
* Buffer overrun on config parser if test is ever given a too-long
string input.
* Memory leak in HttpRequest testing. One instance of a short array.
* Range: header testing may thor exceptions which were not caught by the
test binary. Could lead to difficulty debugging exception errors.
Detected by Coverity Scan. Issues 740523, 740482, 740440, 740498
Amos Jeffries [Wed, 2 Jan 2013 04:01:34 +0000 (21:01 -0700)]
kqueue: update status from experimental to fully available net I/O method
kqueue has been in use on FreeBSD and maybe others for some time now and
has less bugs than epoll. So the issues on record should not be held
against it.
The attached patch adds auto-detection for the kqueue dependencies and
enables it by default when it can build. Unfortunately due to the
dependencies we cannot add it to maximus layer for force-enable, but the
default layer will test it on FreeBSD at least. It is still less
preferred than epoll(), but more than select() and poll().
Also fixes bug 3716 "build error on FreeBSD in kqueue"
Amos Jeffries [Sun, 2 Dec 2012 07:26:27 +0000 (00:26 -0700)]
Polish: Improve the messages output by UFS swap log management.
It also includes a small local variable symbol change from "new_path" to
"tmp_path" to prevent future developer mistakes like the one seen in
bug 3663 mistaking "new_path" for the new destination path of xrename().
Amos Jeffries [Thu, 29 Nov 2012 10:38:07 +0000 (03:38 -0700)]
Treat no-cache and must-revalidate in Authentication
Wrapped as a violation because this operation is off-spec.
CC:no-cache was omitted from the HTTP spec apparently on grounds that
changing its caching effects on authentication would come as a surprise.
The actual operation is safe enough to use when parameterless no-cache
is treated strictly as an alias for must-revalidate (as done by Squid now).
Alex Rousskov [Thu, 29 Nov 2012 10:37:22 +0000 (03:37 -0700)]
Make it possible to match empty header field values using req_header and rep_header.
Warning: Some req_header and rep_header ACLs that were [accidentally] not
matching empty headers (e.g., "^$" or ".*") will now start matching them.
A new HttpHeader::getByNameIfPresent() method is added to be able to detect
presence of empty header fields while ACLHTTPHeaderData::match() is adjusted
to convert undefined String values into empty c-strings ("") for
ACLRegexData::match() to work.
Prior to these changes, when trying to match an empty header value with a
regex like "^$", ACLHTTPHeaderData::match() would return false because:
* HttpHeader::getStrOrList() and getByName() return an undefined String.
* String::termedBuf() returns NULL for undefined Strings; and
* ACLRegexData::match() always fails on NULL c-strings.
Amos Jeffries [Thu, 29 Nov 2012 10:26:58 +0000 (03:26 -0700)]
Fix several buffer termination bugs
* strcpy() replaced in several places with strncpy() to ensure destination
buffers are not overflowed.
* strncpy() does not nul-terminate the destination when the string being
copied in exactly fills the buffer. Ensure we have terminated strings
where it may matter.
Detected by Coverity Scan. Issues 740309, 740310, 740311, 740481, 740483
Amos Jeffries [Sat, 24 Nov 2012 03:54:01 +0000 (20:54 -0700)]
Remove MemPoolChunked::memPID
This member variable appears to have been missed when MemPool was split
into generic framework and specific Chunked implementation.
(rev:10513.1.1 aka trunk rev:10517)
The memPID and its maintenance code was moved into MemImplementingAllocator
but this definition left here un-initialized and shadowing the framework
member.
Amos Jeffries [Sat, 24 Nov 2012 03:53:21 +0000 (20:53 -0700)]
negotiate_kerberos_auth: better bounds checking
* sysconf() may return -N values on some platforms or values larger than
the hard-coded 1024 buffer size for hostname. Use sizeof() instead
since the buffer is hardcoded anyway.
* also, use return instead of exit() on the test binary to reduce
warnings from static analysis compilers.
Amos Jeffries [Sat, 24 Nov 2012 03:40:43 +0000 (20:40 -0700)]
Various memory leaks in configuration parsing
This lot are all small issues derived from allocating new memory and
assigning to a pointer already pointing at previous allocation, or
passing xstrdup() output to a caller which does not directly hold the
passed memory.
Both cases will disappear once we clean up the string handling in Squid
but for now these still need fixing to avoid leaking memory.
Detected by Coverity Scan. Issues 740430, 740432, 740439.
Amos Jeffries [Sat, 24 Nov 2012 03:38:47 +0000 (20:38 -0700)]
Fix various assertion with side effects
When compiled with high optimization and assert disabled these operations
would have disappeared. The side effects being:
* Disk I/O failure protection disabled. Allowing loops in diskd write.
* squidpurge error handling on command line parse gone. Causing segfault.
* squidpurge 'I am Alive' ticker feature cease working.
Detected by Coverity Scan. Issues 740299, 740300, 740301, 740302, 740303
Amos Jeffries [Sat, 24 Nov 2012 02:13:27 +0000 (19:13 -0700)]
ntlm_fake_auth: Fix nesting error
Broken macro wrapping leads to the fake authenticator sending bad
responses to Squid. This can ead to users being rejected by the fake
helper whose purpose is to accept everything.
Amos Jeffries [Sat, 24 Nov 2012 01:58:47 +0000 (18:58 -0700)]
digest_edirectory_auth: improved error handling
Malicious response from LDAP server can cause squid helper to crash.
Missing realm value returned from LDAP without error/missing value being
indicated in the response can lead to strcmp() using a NULL pointer.
Extremely unlikely to happen in practice, but worth fixing.
Bug 3405: ssl_crtd crashes failing to remove certificate
- Try to update the index file in all cases the database modified
rows. Currently we are using the new operator.
- The find operator in database should not modify the database. Currently
if an entry is expired, ssl_crtd removes the cert file but does not
update the index file.
- Fix a small memory leak when remove entries from database: A row object
removed from TXT_DB indexes but never released.
This patch:
* Use OPENSSL_malloc and OPENSSL_free to allocate/release memory for
TXT_DB rows. OpenSSL SDK assumes that always allocated using these
functions.
* Add code in Ssl::CertificateDb::Row destructor to correctly release
a TXT_DB row.
* Add the sq_TXT_DB_delete and sq_TXT_DB_delete_row functions which
removes a row from TXT_DB indexes.
projects / thirdparty / squid.git / log
