From bcf9fd86ee413ca0e5850cb71b25deb548cfb162 Mon Sep 17 00:00:00 2001
From: Amos Jeffries <squid3@treenet.co.nz>
Date: Thu, 5 Jun 2014 08:57:23 -0700
Subject: [PATCH] Fix error in rev.13417 "ssl_bump none" mode crashes squid

The fake CONNECT request generated to relay non-bumped traffic needs to
be pre-pended to any existing data in the ConnStateData::In buffer.
Otherwise our new bytes will corrupt any traffic bytes already in there
and our intended CONNECT request will never be recognised as we re-parse
the buffer.
---
 src/client_side.cc | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/client_side.cc b/src/client_side.cc
index cd7b74df61..1e889e89e2 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -3620,8 +3620,9 @@ httpsSslBumpAccessCheckDone(allow_t answer, void *data)
         // fake a CONNECT request to force connState to tunnel
         static char ip[MAX_IPSTRLEN];
         connState->clientConnection->local.toUrl(ip, sizeof(ip));
-        // XXX need to *pre-pend* this fake request to the TLS bits already in the buffer
-        connState->in.buf.append("CONNECT ").append(ip).append(" HTTP/1.1\r\nHost: ").append(ip).append("\r\n\r\n");
+        // Pre-pend this fake request to the TLS bits already in the buffer
+        SBuf retStr("CONNECT ").append(ip).append(" HTTP/1.1\r\nHost: ").append(ip).append("\r\n\r\n");
+        connState->in.buf = retStr.append(connState->in.buf);
         bool ret = connState->handleReadData();
         if (ret)
             ret = connState->clientParseRequests();
-- 
2.47.3