From: Amos Jeffries <squid3@treenet.co.nz>
Date: Tue, 8 Sep 2009 10:08:10 +0000 (+1200)
Subject: Bug 2722: http_port accel combined with CONNECT has bizarre behaviour
X-Git-Tag: SQUID_3_2_0_1~730
X-Git-Url: http://git.ipfire.org/gitweb/?a=commitdiff_plain;h=adf296279d26389dd3daf28bd4243a4bfcaae549;p=thirdparty%2Fsquid.git

Bug 2722: http_port accel combined with CONNECT has bizarre behaviour
---

diff --git a/src/client_side.cc b/src/client_side.cc
index 6d5d77c598..1b05a90003 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -1989,6 +1989,15 @@ parseHttpRequest(ConnStateData *conn, HttpParser *hp, HttpRequestMethod * method
     /* Set method_p */
     *method_p = HttpRequestMethod(&hp->buf[hp->m_start], &hp->buf[hp->m_end]+1);
 
+    /* deny CONNECT via accelerated ports */
+    if (*method_p == METHOD_CONNECT && conn && conn->port && conn->port->accel) {
+        debugs(33, DBG_IMPORTANT, "WARNING: CONNECT method received on " << conn->port->protocol << " Accelerator port " << conn->port->s.GetPort() );
+        /* XXX need a way to say "this many character length string" */
+        debugs(33, DBG_IMPORTANT, "WARNING: for request: " << hp->buf);
+        /* XXX need some way to set 405 status on the error reply */
+        return parseHttpRequestAbort(conn, "error:method-not-allowed");
+    }
+
     if (*method_p == METHOD_NONE) {
         /* XXX need a way to say "this many character length string" */
         debugs(33, 1, "clientParseRequestMethod: Unsupported method in request '" << hp->buf << "'");