hno [Mon, 27 Aug 2001 04:22:43 +0000 (04:22 +0000)]
BUGFIX: Plug a large SSL memory leak. SSL connections was never freed.
Note: This is done in a quite crude manner, and there most likely is
better ways of doing this. Have investigated the use of a close handler
but it won't fit well with lingering closes.
hno [Fri, 24 Aug 2001 21:02:43 +0000 (21:02 +0000)]
BUGFIX: Certain non-fatal errors could case a client connection to hang
until connection timeout. For example after the following error:
clientReadRequest: FD 17: no data to process
wessels [Tue, 21 Aug 2001 11:54:13 +0000 (11:54 +0000)]
Bugzilla #215: NULL pointer access for proxy requests in accel-only mode
This patch fixes the bug by checking for NULL in aclIsProxyAuth().
If access is denied due to receipt of a proxy request with
'httpd_accel_with_proxy off' then AclMatchedName is NULL.
clientAccessCheckDone() calls aclIsProxyAuth() with the NULL pointer,
so the check could go into either function. It was cleaner to put
it in aclIsProxyAuth().
hno [Thu, 16 Aug 2001 06:16:15 +0000 (06:16 +0000)]
WIN32/Cygwin fixes by Guido
- Better GetOSVersion function, more squid "aware", added support for
Windows XP and future Windows versions.
- Added trap in WIN32_Subsystem_Init() for unknown or unsupported (WIN32s)
Windows version.
- Fixed compile warning in comm.c
- Changed exit() WIN32 hook, now less intrusive
adrian [Sun, 12 Aug 2001 16:20:41 +0000 (16:20 +0000)]
Add a (very evil) async IO framework. It doesn't do much - just get
the calls in there. The next (few) commits will be the async code.
Yes, yes, I know it should be "Generic", but I'm trying to get COSS
to "user testing" state, so this is the best 'comprimise'.
For now, COSS will use the libaio routines (or the sync stuff in
disk.c - the calling API is the same so wrapping stuff in an #ifdef
will be quite easy) which are available on Solaris, FreeBSD
and possibly Linux.
adrian [Sun, 12 Aug 2001 00:27:20 +0000 (00:27 +0000)]
The four-liner below alters fatal() so that fatal errors cause squid
to dump core rather than exit more-or-less-cleanly (of course, the actual
outcome depends on the user's ulimit settings).
Submitted by: Chemolli Francesco <ChemolliF@GruppoCredit.it>
adrian [Fri, 3 Aug 2001 21:12:57 +0000 (21:12 +0000)]
Latest NTLM snapshot code, courtesy of kinkie and robert.
<quote>
It's been a while coming... but Kinkie and I now have
probably-production ready NTLM code. It's gone past 1.5 million requests
without failing. The attached patch is a rollup of many minor fixes and
some enhancements:
* Digest: fix crash on shutdown
* ACL: New type max_user_ip to replace authenticate_ip_is_strict.
* ACL: Authenication refactored, to separate authentication and
authorisation as well as allow 'lazy auth' where authentication is
triggered by the presence of an authentication using ACL, not
necessarily "proxy_auth". I.e. using max_user_ip will trigger
authentication even if no proxy_auth acl's are defined.
* Authentication: API for schemes extended to allow handling duplicate
authentication on a authenticated _connection_ (yes NTLM again).
* Authentication: Authentication API extended to allow multiple IP's per
auth_user, and to allow authentication as an orthogonal process to
authorisation.
* NTLM: many minor races fixed. Should prevent the "Direction before
..." errors and the "Duplicate auth" + login popup bug.
* Delay pools: Support authentication (Non-NTLM)in delay pools acl's.
Beginnings of NTLM support for same.
* Helpers: Stateful helper bugfixes to prevent negative deferred helper
counts (which prevented ntlm challenge refreshing).
* configure: detect two more headers for NTLM compilation on some
platforms.
Limit memory used for select() statistics. It was allocating space for
up to SQUID_MAXFD active filedescriptors per select(), but we are
only interested in a much smaller range.
This statistics could use quite a bit of memory when SQUID_MAXFD is large
(think I measured something like 8MB for 16K filedescriptors)
Fix a 0-byte read condition while reading request bodies. We need to
stop reading when the buffer is full, and continue again when data
have been used. Thanks to Vladimir B. Savkin for finding this issue.
Also some cleanups in httpRequestFree()
* Permanently removed some old suspicious code Duane had found and commented out.
* Added a new comment at the same place, asking on the validity of the few next
lines. Looks like we are looking a bit too deap into the store entry
there..
This patch changes the mechanism for keeping track of unused shared
memory chunks. Instead of using a linked list, now we'll use a
bitmap. It should eliminate the problems I'm seeing on Alphas
where the linklist->ptr value has bit #33 mysteriously set. In
the new scheme, the shm chunk pointer is always recalculated based
on the index of the bitmap.
wessels [Sat, 30 Jun 2001 03:16:42 +0000 (03:16 +0000)]
Bugzilla #177: LinuxPPC 2000 segfault bug
The previous patch wasn't sufficient to fix this bug. We have to
call va_start() for each time the args will be used in some "v"
(vprintf, etc) function later on. This patch has been
tested on Joe's powerpc-unknown-linux-gnu system.
wessels [Fri, 29 Jun 2001 02:16:30 +0000 (02:16 +0000)]
Bugzilla #114
The patch for 2.4 is simple, but HEAD has changed a lot and I don't
know if the patch is necessary there, or whats the best way to do it.
As a cop-out, I added some annoying debug message asking users to
report whether or not it works correctly.
wessels [Wed, 27 Jun 2001 03:07:09 +0000 (03:07 +0000)]
Bugzilla #177
Joe Laffey points out that on LinuxPPC2000 (and probably QNX) calling
something like vsnprintf() or similar leaves the "args" parameter
unusable. Calling it again with the same "args" results in a coredump.
We have code to get around this in QNX by making a copy
of the args and calling va_start() twice.
This patch tries to address the problem by splitting the _db_print()
function into smaller parts, and passing the args as parameters to
the separate _db_print_file, _db_print_stderr, and _db_print_syslog
functions.
wessels [Wed, 27 Jun 2001 03:02:05 +0000 (03:02 +0000)]
The recent patch for Bugzilla #172 doesn't compile on HEAD, so I've
disabled it. Looks like we can't access the RFC931 string in
peerAllowedToUse() until we make some changes to data structures.
wessels [Tue, 26 Jun 2001 23:17:53 +0000 (23:17 +0000)]
Bugzilla #172: Ident Based ACLs fail when applied to cache_peer_access
The aclCheck_t structure passed for cache_peer_access didn't copy
the user_ident string from the request_t structure. Further evidence
that the multiple locations for ident/proxyauth username strings needs
to be fixed and probably rewritten.
wessels [Tue, 26 Jun 2001 22:44:24 +0000 (22:44 +0000)]
Bugzilla #165: "Store Mem Buffer" leaks badly
This fixes some excessive memory usage problems (for uncachable
responses only?) when 'maximum_object_size_in_memory' is not set
to a small value. It was probably a coding bug from long ago
that didn't occur much because 'maximum_object_size_in_memory'
used to be hard-coded to a small value (8KB).
wessels [Wed, 30 May 2001 23:40:26 +0000 (23:40 +0000)]
Oops, this should have been committed to head first and the 2.4 branch
second.
I am having some infrequent coredumps on DEC Alphas. Somehow, shared
memory pointers are gaining a high bit set, almost as though due to
an addition/subtraction overflow. One potential problem is that I
was storing the value of long pointer subtraction into a 32-bit integer.
I changed those integer offsets to off_t. However, the offset value
in the inter-process messages remains 32-bits to keep the message size
small and predictable.
hno [Wed, 23 May 2001 02:31:34 +0000 (02:31 +0000)]
Bugzilla #160:
> My problem is that the referer_log file is still at 0 bytes. This cannot be
> right. I have created a site with a clickthrough possibility, and it isn't
> logging the http_referer.
>
> Has anybody had simular experiences? Or can point me in the right direction?
>
I look into that. The variable holding the logfile struct just had no value
assigned. Here is a patch:
hno [Mon, 21 May 2001 10:50:57 +0000 (10:50 +0000)]
auth_rewrite update from Robert Collins
* src/authenticate.c
(authenticateValidateUser): Check for user scheme data.
Increase the debug level for "validated".
(authenticateFixHeader): Add a hint for internal responses versus
proxied responses. Use it to prevent erroneous challenges when external
sites request authentication.
* src/client_side.c
(clientRedirectDone): Reference lock any auth use when creating a
new request.
(clientBuildReplyHeader): Hint to authenticateFixHeader that this is
a proxied response.
* src/errorpage.c
(errorAppendEntry): Hint to authenticateFixHeader that this is an
internal response.
* src/helper.c
(helperStatefulSubmit): Handle broken allocators that don't clear memory.
Better descriptive comments.
Remove an redundant cbdata check.
* src/protos.h
(authenticateFixHeader): New prototype.
hno [Wed, 16 May 2001 13:47:00 +0000 (13:47 +0000)]
Documented a memory leak on SNMP initialization. Quite a large reorganisation
is requred to fix it, and it is only a small fixed amount so this have to
wait until later..
hno [Sun, 6 May 2001 20:25:21 +0000 (20:25 +0000)]
[win32.c was forgotten in the large commit]
This patch allows squid to read the DNS servers from the registry. Guido
has reintegrated the older NT-port code to do this, and upgraded it to
fit in squid more smoothly.
hno [Sat, 5 May 2001 23:49:53 +0000 (23:49 +0000)]
This patch allows squid to read the DNS servers from the registry. Guido
has reintegrated the older NT-port code to do this, and upgraded it to
fit in squid more smoothly.
projects / thirdparty / squid.git / log
