--- /dev/null
+Index: squid/src/acl.c
+diff -c squid/src/acl.c:1.270.2.14 squid/src/acl.c:1.270.2.15
+*** squid/src/acl.c:1.270.2.14 Tue May 6 13:54:28 2003
+--- squid/src/acl.c Wed May 7 13:55:00 2003
+***************
+*** 1424,1434 ****
+ case AUTH_ACL_HELPER:
+ debug(28, 4) ("aclMatchAcl: returning 0 sending credentials to helper.\n");
+ checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_NEEDED;
+! return 0;
+ case AUTH_ACL_CHALLENGE:
+ debug(28, 4) ("aclMatchAcl: returning 0 sending authentication challenge.\n");
+ checklist->state[ACL_PROXY_AUTH] = ACL_PROXY_AUTH_NEEDED;
+! return 0;
+ default:
+ fatal("unexpected authenticateAuthenticate reply\n");
+ return -1;
+--- 1424,1434 ----
+ case AUTH_ACL_HELPER:
+ debug(28, 4) ("aclMatchAcl: returning 0 sending credentials to helper.\n");
+ checklist->state[ACL_PROXY_AUTH] = ACL_LOOKUP_NEEDED;
+! return -1;
+ case AUTH_ACL_CHALLENGE:
+ debug(28, 4) ("aclMatchAcl: returning 0 sending authentication challenge.\n");
+ checklist->state[ACL_PROXY_AUTH] = ACL_PROXY_AUTH_NEEDED;
+! return -1;
+ default:
+ fatal("unexpected authenticateAuthenticate reply\n");
+ return -1;
+***************
+*** 1692,1702 ****
+ aclMatchAclList(const acl_list * list, aclCheck_t * checklist)
+ {
+ while (list) {
+ AclMatchedName = list->acl->name;
+ debug(28, 3) ("aclMatchAclList: checking %s%s\n",
+ list->op ? null_string : "!", list->acl->name);
+! if (aclMatchAcl(list->acl, checklist) != list->op) {
+! debug(28, 3) ("aclMatchAclList: returning 0\n");
+ return 0;
+ }
+ list = list->next;
+--- 1692,1708 ----
+ aclMatchAclList(const acl_list * list, aclCheck_t * checklist)
+ {
+ while (list) {
++ int answer;
+ AclMatchedName = list->acl->name;
+ debug(28, 3) ("aclMatchAclList: checking %s%s\n",
+ list->op ? null_string : "!", list->acl->name);
+! answer = aclMatchAcl(list->acl, checklist);
+! if (answer < 0) {
+! debug(28, 3) ("aclMatchAclList: failure. returning -1\n");
+! return -1;
+! }
+! if (answer != list->op) {
+! debug(28, 3) ("aclMatchAclList: no match, returning 0\n");
+ return 0;
+ }
+ list = list->next;
+***************
+*** 1719,1728 ****
+ aclCheckFast(const acl_access * A, aclCheck_t * checklist)
+ {
+ allow_t allow = ACCESS_DENIED;
+ debug(28, 5) ("aclCheckFast: list: %p\n", A);
+ while (A) {
+ allow = A->allow;
+! if (aclMatchAclList(A->acl_list, checklist)) {
+ aclCheckCleanup(checklist);
+ return allow == ACCESS_ALLOWED;
+ }
+--- 1725,1738 ----
+ aclCheckFast(const acl_access * A, aclCheck_t * checklist)
+ {
+ allow_t allow = ACCESS_DENIED;
++ int answer;
+ debug(28, 5) ("aclCheckFast: list: %p\n", A);
+ while (A) {
+ allow = A->allow;
+! answer = aclMatchAclList(A->acl_list, checklist);
+! if (answer) {
+! if (answer < 0)
+! return ACCESS_DENIED;
+ aclCheckCleanup(checklist);
+ return allow == ACCESS_ALLOWED;
+ }
+***************
+*** 1754,1759 ****
+--- 1764,1771 ----
+ debug(28, 3) ("aclCheck: checking '%s'\n", A->cfgline);
+ allow = A->allow;
+ match = aclMatchAclList(A->acl_list, checklist);
++ if (match == -1)
++ allow = ACCESS_DENIED;
+ if (checklist->state[ACL_DST_IP] == ACL_LOOKUP_NEEDED) {
+ checklist->state[ACL_DST_IP] = ACL_LOOKUP_PENDING;
+ ipcache_nbgethostbyname(checklist->request->host,
+***************
+*** 1807,1813 ****
+ debug(28, 1) ("aclCheck: Can't start ident lookup. No client connection\n");
+ cbdataUnlock(checklist->conn);
+ checklist->conn = NULL;
+! allow = 0;
+ match = -1;
+ }
+ }
+--- 1819,1825 ----
+ debug(28, 1) ("aclCheck: Can't start ident lookup. No client connection\n");
+ cbdataUnlock(checklist->conn);
+ checklist->conn = NULL;
+! allow = ACCESS_DENIED;
+ match = -1;
+ }
+ }