From 0dd8cdf9a56d4b53178b002bd6dd747bf8e8c878 Mon Sep 17 00:00:00 2001 From: Amos Jeffries Date: Sun, 20 Nov 2016 05:06:10 +1300 Subject: [PATCH] Fix Null pointer dereferences after rev.14913 on_unsupported_protocol with non-HTTP requests occurs without an HTTP request object. Some ACLs will not be possible to check but that is not a reason to crash. Detected by Coverity Scan. Issue 1394291. --- src/client_side.cc | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/src/client_side.cc b/src/client_side.cc index 506867e9c2..b45094d4c5 100644 --- a/src/client_side.cc +++ b/src/client_side.cc @@ -3236,14 +3236,14 @@ ConnStateData::startPeekAndSplice() // This is the Step2 of the SSL bumping assert(sslServerBump); Http::StreamPointer context = pipeline.front(); - ClientHttpRequest *http = context ? context->http : NULL; + ClientHttpRequest *http = context ? context->http : nullptr; if (sslServerBump->step == Ssl::bumpStep1) { sslServerBump->step = Ssl::bumpStep2; // Run a accessList check to check if want to splice or continue bumping - ACLFilledChecklist *acl_checklist = new ACLFilledChecklist(Config.accessList.ssl_bump, sslServerBump->request.getRaw(), NULL); - acl_checklist->al = http ? http->al : NULL; + ACLFilledChecklist *acl_checklist = new ACLFilledChecklist(Config.accessList.ssl_bump, sslServerBump->request.getRaw(), nullptr); + acl_checklist->al = http ? http->al : nullptr; //acl_checklist->src_addr = params.conn->remote; //acl_checklist->my_addr = s->s; acl_checklist->banAction(allow_t(ACCESS_ALLOWED, Ssl::bumpNone)); @@ -3275,7 +3275,7 @@ ConnStateData::startPeekAndSplice() int ret = 0; if ((ret = Squid_SSL_accept(this, NULL)) < 0) { debugs(83, 2, "SSL_accept failed."); - HttpRequest::Pointer request = http->request; + HttpRequest::Pointer request(http ? http->request : nullptr); if (!clientTunnelOnError(this, context, request, HttpRequestMethod(), ERR_SECURE_ACCEPT_FAIL)) clientConnection->close(); return; -- 2.47.3