Alex Rousskov [Tue, 22 Jan 2013 11:06:18 +0000 (04:06 -0700)]
Fix "address.GetPort() != 0" assertion for helpers on FreeBSD (at least).
The order (or set of?) #include files used by src/ssl/helper.cc (and
probably by other helper source files) has changed recently, exposing a
defines.h dependency on sys/socket.h where that system header is
required to define AF_UNIX. With AF_UNIX incorrectly undefined,
IPC_STREAM was set to IPC_TCP_SOCKET instead of IPC_UNIX_STREAM, and
helpers that do not have a notion of a listening port, were trying to
create communication sockets using TCP streams, triggering a "must have
a port" assertion in comm_connect_addr() called from ipcCreate().
TODO: Moving IPC_* defines into an IPC-specific header file may be a
better solution then exposing all defines.h users to sys/socket.h.
Amos Jeffries [Tue, 22 Jan 2013 04:39:33 +0000 (21:39 -0700)]
WCCP: Fix memory leak in mask assignment, improve debuggsing.
* Release temporary weight array allocated on each HERE_I_AM packet sent
by Squid. For mask assignment these were not released properly and may
build up to a significant size of memory over time.
* Add debug traces to send() events to report failures sending packets
* Also, on HERE_I_AM event send() failure, reduce the timeout to 2sec
for the retry in a crude attempt to prevent router state flapping.
* Silence compiler warnings on use of connect() to disconnect a socket.
Inconsistent OS behaviour makes the result useless in this case.
Amos Jeffries [Wed, 9 Jan 2013 00:19:44 +0000 (17:19 -0700)]
Fix memory leaks in ICMP
InitAddrInfo() and GetAddrInfo() both allocate addrinfo structs which
must be freed by FreeAddrInfo(). Several places in ICMP were not doing
that free step.
Detected by Coverity Scan. Issues 740434, 740435, 740436, 740437.
Amos Jeffries [Wed, 9 Jan 2013 00:12:02 +0000 (17:12 -0700)]
Bug 3731: TOS setsockopt() requires int value
FreeBSD is confirmed errors on 8-bit variable size. Other BSD are
documented in a way that implies they do as well, although not at this
stage confirmed to be failing.
Linux seems to be the only confirmed system working with 8-bit size sent
to setsockopt(). So we revert this to 'int' (32-bit or 64-bit) as was
working in Squid 3.1.
Address issues for the defect classes:
- Array compared against 0
- Copy into fixed size buffer
- Dereference after null check
- Dereference before null check
Amos Jeffries [Wed, 2 Jan 2013 04:07:07 +0000 (21:07 -0700)]
Fix various issues in unit tests
* Define MemObject stub constructor to initialize teh stub object properly
apparently store unit tests needs one defined. Best to make it work and
set base values than leave garbage in the object fields.
* Buffer overrun on config parser if test is ever given a too-long
string input.
* Memory leak in HttpRequest testing. One instance of a short array.
* Range: header testing may thor exceptions which were not caught by the
test binary. Could lead to difficulty debugging exception errors.
Detected by Coverity Scan. Issues 740523, 740482, 740440, 740498
Amos Jeffries [Wed, 2 Jan 2013 04:01:34 +0000 (21:01 -0700)]
kqueue: update status from experimental to fully available net I/O method
kqueue has been in use on FreeBSD and maybe others for some time now and
has less bugs than epoll. So the issues on record should not be held
against it.
The attached patch adds auto-detection for the kqueue dependencies and
enables it by default when it can build. Unfortunately due to the
dependencies we cannot add it to maximus layer for force-enable, but the
default layer will test it on FreeBSD at least. It is still less
preferred than epoll(), but more than select() and poll().
Also fixes bug 3716 "build error on FreeBSD in kqueue"
Amos Jeffries [Sun, 2 Dec 2012 07:26:27 +0000 (00:26 -0700)]
Polish: Improve the messages output by UFS swap log management.
It also includes a small local variable symbol change from "new_path" to
"tmp_path" to prevent future developer mistakes like the one seen in
bug 3663 mistaking "new_path" for the new destination path of xrename().
Amos Jeffries [Thu, 29 Nov 2012 10:38:07 +0000 (03:38 -0700)]
Treat no-cache and must-revalidate in Authentication
Wrapped as a violation because this operation is off-spec.
CC:no-cache was omitted from the HTTP spec apparently on grounds that
changing its caching effects on authentication would come as a surprise.
The actual operation is safe enough to use when parameterless no-cache
is treated strictly as an alias for must-revalidate (as done by Squid now).
Alex Rousskov [Thu, 29 Nov 2012 10:37:22 +0000 (03:37 -0700)]
Make it possible to match empty header field values using req_header and rep_header.
Warning: Some req_header and rep_header ACLs that were [accidentally] not
matching empty headers (e.g., "^$" or ".*") will now start matching them.
A new HttpHeader::getByNameIfPresent() method is added to be able to detect
presence of empty header fields while ACLHTTPHeaderData::match() is adjusted
to convert undefined String values into empty c-strings ("") for
ACLRegexData::match() to work.
Prior to these changes, when trying to match an empty header value with a
regex like "^$", ACLHTTPHeaderData::match() would return false because:
* HttpHeader::getStrOrList() and getByName() return an undefined String.
* String::termedBuf() returns NULL for undefined Strings; and
* ACLRegexData::match() always fails on NULL c-strings.
Amos Jeffries [Thu, 29 Nov 2012 10:26:58 +0000 (03:26 -0700)]
Fix several buffer termination bugs
* strcpy() replaced in several places with strncpy() to ensure destination
buffers are not overflowed.
* strncpy() does not nul-terminate the destination when the string being
copied in exactly fills the buffer. Ensure we have terminated strings
where it may matter.
Detected by Coverity Scan. Issues 740309, 740310, 740311, 740481, 740483
Amos Jeffries [Sat, 24 Nov 2012 03:54:01 +0000 (20:54 -0700)]
Remove MemPoolChunked::memPID
This member variable appears to have been missed when MemPool was split
into generic framework and specific Chunked implementation.
(rev:10513.1.1 aka trunk rev:10517)
The memPID and its maintenance code was moved into MemImplementingAllocator
but this definition left here un-initialized and shadowing the framework
member.
Amos Jeffries [Sat, 24 Nov 2012 03:53:21 +0000 (20:53 -0700)]
negotiate_kerberos_auth: better bounds checking
* sysconf() may return -N values on some platforms or values larger than
the hard-coded 1024 buffer size for hostname. Use sizeof() instead
since the buffer is hardcoded anyway.
* also, use return instead of exit() on the test binary to reduce
warnings from static analysis compilers.
Amos Jeffries [Sat, 24 Nov 2012 03:40:43 +0000 (20:40 -0700)]
Various memory leaks in configuration parsing
This lot are all small issues derived from allocating new memory and
assigning to a pointer already pointing at previous allocation, or
passing xstrdup() output to a caller which does not directly hold the
passed memory.
Both cases will disappear once we clean up the string handling in Squid
but for now these still need fixing to avoid leaking memory.
Detected by Coverity Scan. Issues 740430, 740432, 740439.
Amos Jeffries [Sat, 24 Nov 2012 03:38:47 +0000 (20:38 -0700)]
Fix various assertion with side effects
When compiled with high optimization and assert disabled these operations
would have disappeared. The side effects being:
* Disk I/O failure protection disabled. Allowing loops in diskd write.
* squidpurge error handling on command line parse gone. Causing segfault.
* squidpurge 'I am Alive' ticker feature cease working.
Detected by Coverity Scan. Issues 740299, 740300, 740301, 740302, 740303
Amos Jeffries [Sat, 24 Nov 2012 02:13:27 +0000 (19:13 -0700)]
ntlm_fake_auth: Fix nesting error
Broken macro wrapping leads to the fake authenticator sending bad
responses to Squid. This can ead to users being rejected by the fake
helper whose purpose is to accept everything.
Amos Jeffries [Sat, 24 Nov 2012 01:58:47 +0000 (18:58 -0700)]
digest_edirectory_auth: improved error handling
Malicious response from LDAP server can cause squid helper to crash.
Missing realm value returned from LDAP without error/missing value being
indicated in the response can lead to strcmp() using a NULL pointer.
Extremely unlikely to happen in practice, but worth fixing.
Bug 3405: ssl_crtd crashes failing to remove certificate
- Try to update the index file in all cases the database modified
rows. Currently we are using the new operator.
- The find operator in database should not modify the database. Currently
if an entry is expired, ssl_crtd removes the cert file but does not
update the index file.
- Fix a small memory leak when remove entries from database: A row object
removed from TXT_DB indexes but never released.
This patch:
* Use OPENSSL_malloc and OPENSSL_free to allocate/release memory for
TXT_DB rows. OpenSSL SDK assumes that always allocated using these
functions.
* Add code in Ssl::CertificateDb::Row destructor to correctly release
a TXT_DB row.
* Add the sq_TXT_DB_delete and sq_TXT_DB_delete_row functions which
removes a row from TXT_DB indexes.
Amos Jeffries [Sun, 28 Oct 2012 05:27:14 +0000 (23:27 -0600)]
Remove Bungled warning on missing component directives
* Make Squid display a ERROR notice and ignore squid.conf directives
which belong to components disabled at build time instead of throwing
up 'FATAL: Bungled' message and aborting.
* Polish the 'requires X' message text for better display of cases like
'requires MS Windows' and 'requires Linux'
* Add 'requires X' message for --enable-auth, --enable-eui, and
--enable-ssl-crtd which were missing.
* Add debug 'filename' for if-none and postscriptum logging
Amos Jeffries [Sun, 28 Oct 2012 05:25:21 +0000 (23:25 -0600)]
Add constructore/destructor for Mgr::ActionPasswordList
Missing constructor for Mgr::ActionPasswordList resulted in invalid values
for next pointer and segmentation fault parsing multiple cachemgr_passwd
directives.
Missing destructor resulted in memory leaks on reconfigure and shutdown.
Amos Jeffries [Sat, 20 Oct 2012 11:29:46 +0000 (05:29 -0600)]
Remove the refresh_pattern ignore-no-cache option
With the HTTP/1.1 Cache-Control:no-cache compliance upgrade this option became
obsolete. Its main use-case was to force caching of responses which contained this
control. Revalidation is now happening and no-cache objects are cached by default.
The one remaining effect of ignoring no-cache is to prevent no-cache from allowing
authenticated responses being cached. Which is the opposite of its usually expected
result and allowing that change of behaviour would be counter productive.
Amos Jeffries [Sat, 20 Oct 2012 06:29:43 +0000 (00:29 -0600)]
HTTP/1.1: Cache-Control compliance upgrade
trunk rev 11361 converted Cache-Control header from using a single mask
bitmap (shared by request and response) to separate CC header objects in
the request response. This conversion contained several regressions like
the one bug 3670 reports.
This patch:
* documents HttpStateData::cacheableReply() clarifying the overall
method action and what each individual check it doing.
* resolves several visible regressions, including bug 3670.
* extends the caching to handle the "no-cache" controls as per HTTP/1.1
(MAY store, but MUST revalidate before use).
* extends the caching for several lesser known cases of "MAY store"
exemptions handling authenticated transactions.
* removes an old hack handling Pragme:no-cache (undefined in HTTP/1.1)
One side effect of now caching transactions utilizing "no-cache" is that
hacks around Pragma:no-cache are reduced to only having any effect when
Cache-Control is absent. Reducing their performance cost. And now require
--enable-http-violations is built in since HTTP/1.1 states that
response Pragma are not defined and thus SHOULD be ignored.
Amos Jeffries [Tue, 16 Oct 2012 23:46:45 +0000 (17:46 -0600)]
HTTP/1.1: honour Cache-Control before Pragma:no-cache
HTTPbis WG clarifications on the interaction between Cache-Control and
Pragma specify that Cache-Control may be explicitly crafted to allow
conditional caching by HTTP/1.1 caches and Pragma:no-cache supplied to
prevent caching by older HTTP/1.0 caches unable to understand the
Cache-Control properly.
Squid does obey Cache-Control. So we can deprecate Pragma to the side
cases when Cache-Control is absent entirely.
Alex Rousskov [Tue, 16 Oct 2012 23:46:07 +0000 (17:46 -0600)]
Reverted trunk r12255 changes. Provided a portable flexible arrays replacement.
Trunk r12255 made Clang compiler happy by removing flexible nonPod[] arrays.
Unfortunately, it also moved shared memory items into local memory (in some
cases uninitialized).
This change provides a Clang-friendly flexible array replacement while keeping
items in the shared memory (and using placement-new initialization). The code
may have become even less readable, but hopefully more portable.
N.B. Flexible arrays were introdiced in C99 standard, after C++ was
standardized in 1998. They are not yet in any revised C++ standard, but most
C++ compilers support them, at least for PODs.
Alex Rousskov [Tue, 16 Oct 2012 23:43:54 +0000 (17:43 -0600)]
Allow a ufs cache_dir entry to coexist with a shared memory cache entry
... instead of being released when it becomes idle.
The original boolean version of the StoreController::dereference() code
(r11730) was written to make sure that idle unlocked local store_table entries
are released if nobody needs them (to avoid creating inconsistencies with
shared caches that could be modified in a different process).
Then, in r11786, we realized that the original code was destroying non-shared
memory cache entries if there were no cache_dirs to vote for keeping them in
store_table. I fixed that by changing the StoreController::dereference() logic
from "remove if nobody needs it" to "remove if somebody objects to keeping
it". That solved the problem at hand, but prohibited an entry to exist in
a non-shared cache_dir and in a shared memory cache at the same time.
We now go back to the original "remove if nobody needs it" design but also
give non-shared memory cache a vote so that it can protect idle but suitable
for memory cache entries from being released if there are no cache_dirs to
vote for them.
This is a second revision of the fix. The first one (r12231) was reverted
because it did not pass tests/testRock unit tests on some platforms. The unit
tests assume that the entry slot is not locked after the entry is stored, but
the first revision of the fix allowed idle entries to remain in store_table
and, hence, their slots were locked and could not be replaced, causing
assertions. This revision allows the idle entry to be destroyed (and its slot
unlocked) if [non-shared] memory caching is disabled.
It is not clear why only some of the platforms were affected by this. Should
not memory caching be disabled everywhere during testRock (because testRock
does not set memory cache capacity and memory cache entry size limits)?
Amos Jeffries [Sat, 13 Oct 2012 06:07:11 +0000 (00:07 -0600)]
Portability: pass OS name to helper config.test scripts
This will help us perform OS-specific enable/disable rather than having
to identify some software or file that SHOULD exist only in those OS, but
which might exist elsewhere for weird reasons (ie windows.h).
NP: the $@ which was being passed was unused by any current config.test
Removed it and converted to fixed-position parameters for easier
script development.
projects / thirdparty / squid.git / log
