From 7a30dda9b6b505eb73caa27ceee06d1c67a8f1d6 Mon Sep 17 00:00:00 2001
From: Christos Tsantilas <chtsanti@users.sourceforge.net>
Date: Fri, 6 Dec 2013 05:19:41 -0700
Subject: [PATCH] Bug 3935: Invalid pointer dereference when peeking at origin
 server certificate

We must check request->clientConnectionManager pointer for validity before
dereferencing it.

This is a Measurement Factory project
---
 src/acl/Acl.h       | 3 ++-
 src/acl/InnerNode.h | 1 +
 2 files changed, 3 insertions(+), 1 deletion(-)

diff --git a/src/acl/Acl.h b/src/acl/Acl.h
index a4f4bee000..94c317c588 100644
--- a/src/acl/Acl.h
+++ b/src/acl/Acl.h
@@ -135,7 +135,7 @@ public:
 
     char name[ACL_NAME_SZ];
     char *cfgline;
-    ACL *next;
+    ACL *next; // XXX: remove or at least use refcounting
     ACLFlags flags; ///< The list of given ACL flags
     bool registered; ///< added to Config.aclList and can be reused via by FindByName()
 
@@ -247,6 +247,7 @@ public:
 MEMPROXY_CLASS_INLINE(acl_proxy_auth_match_cache);
 
 /// \ingroup ACLAPI
+/// XXX: find a way to remove or at least use a refcounted ACL pointer
 extern const char *AclMatchedName;	/* NULL */
 
 #endif /* SQUID_ACL_H */
diff --git a/src/acl/InnerNode.h b/src/acl/InnerNode.h
index 6f3b14446b..bd20dd5d25 100644
--- a/src/acl/InnerNode.h
+++ b/src/acl/InnerNode.h
@@ -40,6 +40,7 @@ protected:
     /* ACL API */
     virtual int match(ACLChecklist *checklist);
 
+    // XXX: use refcounting instead of raw pointers
     std::vector<ACL*> nodes; ///< children nodes of this intermediate node
 };
 
-- 
2.47.2