From edbd49641ee29c97104e3d560d98fef01618ccf0 Mon Sep 17 00:00:00 2001
From: Jakub Bogusz
Date: Fri, 11 Feb 2005 13:10:30 +0000
Subject: [PATCH] - SEGV fix Changed files: squid-2.5.STABLE7-ntlm_segfault.patch -> 1.1 squid-2.5.STABLE7-post.patch -> 1.1
---
squid-2.5.STABLE7-ntlm_segfault.patch | 48 ++++++++++++++
squid-2.5.STABLE7-post.patch | 92 +++++++++++++++++++++++++++
2 files changed, 140 insertions(+)
create mode 100644 squid-2.5.STABLE7-ntlm_segfault.patch
create mode 100644 squid-2.5.STABLE7-post.patch
diff --git a/squid-2.5.STABLE7-ntlm_segfault.patch b/squid-2.5.STABLE7-ntlm_segfault.patch
new file mode 100644
index 0000000..60661cd
--- /dev/null
+++ b/squid-2.5.STABLE7-ntlm_segfault.patch
@@ -0,0 +1,48 @@
+Index: squid/src/auth/ntlm/auth_ntlm.c
+diff -c squid/src/auth/ntlm/auth_ntlm.c:1.17.2.20 squid/src/auth/ntlm/auth_ntlm.c:1.17.2.21
+*** squid/src/auth/ntlm/auth_ntlm.c:1.17.2.20 Tue Dec 7 16:52:42 2004
+--- squid/src/auth/ntlm/auth_ntlm.c Thu Feb 3 16:22:12 2005
+***************
+*** 492,497 ****
+--- 492,501 ----
+ auth_user_request = r->auth_user_request;
+ ntlm_request = auth_user_request->scheme_data;
+ assert(ntlm_request != NULL);
++ if (!ntlm_request->authserver)
++ ntlm_request->authserver = srv;
++ else
++ assert(ntlm_request->authserver == srv);
+
+ /* seperate out the useful data */
+ if (strncasecmp(reply, "TT ", 3) == 0) {
+***************
+*** 507,513 ****
+ /* and we satisfy the request that happended on the refresh boundary */
+ /* note this code is now in two places FIXME */
+ assert(ntlm_request->auth_state == AUTHENTICATE_STATE_NEGOTIATE);
+- ntlm_request->authserver = srv;
+ ntlm_request->authchallenge = xstrdup(reply);
+ helperstate->challengeuses = 1;
+ } else if (strncasecmp(reply, "AF ", 3) == 0) {
+--- 511,516 ----
+***************
+*** 537,543 ****
+ /* we only expect LD when finishing the handshake */
+ assert(ntlm_request->auth_state == AUTHENTICATE_STATE_RESPONSE);
+ ntlm_user->username = xstrdup(reply);
+- helperstate = helperStatefulServerGetData(ntlm_request->authserver);
+ /* BH code: mark helper as broken */
+ authenticateNTLMResetServer(ntlm_request);
+ debug(29, 4) ("authenticateNTLMHandleReply: Error validating user via NTLM. 
Error returned '%s'\n", reply);
+--- 540,545 ----
+***************
+*** 561,568 ****
+ ntlm_user = auth_user->scheme_data;
+ ntlm_request = auth_user_request->scheme_data;
+ assert((ntlm_user != NULL) && (ntlm_request != NULL));
+- assert(!ntlm_request->authserver || ntlm_request->authserver == srv);
+- helperstate = helperStatefulServerGetData(ntlm_request->authserver);
+ authenticateNTLMResetServer(ntlm_request);
+ if (ntlm_request->auth_state == AUTHENTICATE_STATE_NEGOTIATE) {
+ /* The helper broke on YR. It automatically
+--- 563,568 ----
diff --git a/squid-2.5.STABLE7-post.patch b/squid-2.5.STABLE7-post.patch
new file mode 100644
index 0000000..a8a4ad2
--- /dev/null
+++ b/squid-2.5.STABLE7-post.patch
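Review bot: The added `else assert(ntlm_request->authserver == srv);` in the 492,501 section turns any helper/request mismatch into a failure of the whole reply handler (fatal for the process if assert() aborts here), where the removed assert in the 561 section covered only that one branch. Because the reply comes from an external helper process, the invariant should be stated next to the check, for example `/* the first reply binds this request to its helper; a later reply from a different helper is a state bug */`. The 537 and 561 sections also stop reloading `helperstate` from `ntlm_request->authserver`; if `helperstate` is still read later in those branches it has to be set from `srv` earlier in the function, which lies outside the lines shown and should be confirmed.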
@@ -0,0 +1,92 @@
+Index: squid/src/client_side.c
+diff -c squid/src/client_side.c:1.561.2.69 squid/src/client_side.c:1.561.2.70
+*** squid/src/client_side.c:1.561.2.69 Fri Jan 21 04:53:42 2005
+--- squid/src/client_side.c Thu Feb 3 17:10:09 2005
+***************
+*** 933,941 ****
+ authenticateAuthUserRequestUnlock(connState->auth_user_request);
+ connState->auth_user_request = NULL;
+ authenticateOnCloseConnection(connState);
+! if (connState->in.size == CLIENT_REQ_BUF_SZ)
+ memFree(connState->in.buf, MEM_CLIENT_REQ_BUF);
+! else
+ safe_free(connState->in.buf);
+ /* XXX account connState->in.buf */
+ pconnHistCount(0, connState->nrequests);
+--- 933,942 ----
+ authenticateAuthUserRequestUnlock(connState->auth_user_request);
+ connState->auth_user_request = NULL;
+ authenticateOnCloseConnection(connState);
+! if (connState->in.size == CLIENT_REQ_BUF_SZ) {
+ memFree(connState->in.buf, MEM_CLIENT_REQ_BUF);
+! connState->in.buf = NULL;
+! } else
+ safe_free(connState->in.buf);
+ /* XXX account connState->in.buf */
+ pconnHistCount(0, connState->nrequests);
+***************
+*** 3003,3011 ****
+ }
+ /* Continue to process previously read data */
+ }
+ /* Process request body if any */
+! if (conn->in.offset > 0 && conn->body.callback != NULL)
+ clientProcessBody(conn);
+ /* Process next request */
+ while (conn->in.offset > 0 && conn->body.size_left == 0) {
+ int nrequests;
+--- 3004,3018 ----
+ }
+ /* Continue to process previously read data */
+ }
++ cbdataLock(conn); /* clientProcessBody might pull the connection under our feets */
+ /* Process request body if any */
+! 
if (conn->in.offset > 0 && conn->body.callback != NULL) {
+ clientProcessBody(conn);
++ if (!cbdataValid(conn)) {
++ cbdataUnlock(conn);
++ return;
++ }
++ }
+ /* Process next request */
+ while (conn->in.offset > 0 && conn->body.size_left == 0) {
+ int nrequests;
+***************
+*** 3175,3181 ****
+ break;
+ } else {
+ clientAccessCheck(http);
+- continue; /* while offset > 0 && body.size_left == 0 */
+ }
+ } else if (parser_return_code == 0) {
+ /*
+--- 3182,3187 ----
+***************
+*** 3195,3205 ****
+ *H = http;
+ http->entry = clientCreateStoreEntry(http, METHOD_NONE, null_request_flags);
+ errorAppendEntry(http->entry, err);
+- return;
+ }
+ break;
+ }
+ } /* while offset > 0 && conn->body.size_left == 0 */
+ /* Check if a half-closed connection was aborted in the middle */
+ if (F->flags.socket_eof) {
+ if (conn->in.offset != conn->body.size_left) { /* != 0 when no request body */
+--- 3201,3215 ----
+ *H = http;
+ http->entry = clientCreateStoreEntry(http, METHOD_NONE, null_request_flags);
+ errorAppendEntry(http->entry, err);
+ }
+ break;
+ }
++ if (!cbdataValid(conn)) {
++ cbdataUnlock(conn);
++ return;
++ }
+ } /* while offset > 0 && conn->body.size_left == 0 */
++ cbdataUnlock(conn);
+ /* Check if a half-closed connection was aborted in the middle */
+ if (F->flags.socket_eof) {
+ if (conn->in.offset != conn->body.size_left) { /* != 0 when no request body */
--
2.44.0
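Review bot: The `break` statements visible in the 3175 and 3201,3215 sections leave the `while` loop without passing the new `if (!cbdataValid(conn))` test, so control reaches `cbdataUnlock(conn);` and then reads `conn->in.offset` and `conn->body.size_left` with no validity check. The error path used to `return;` right after `errorAppendEntry()` and now falls through to that code; if the connection can be torn down during that call (not visible here), the unlock may release the object and the reads that follow would touch freed memory. Consider testing once more after the loop, `if (!cbdataValid(conn)) { cbdataUnlock(conn); return; }`, before the final `cbdataUnlock(conn);`. The loop body between new lines 3018 and 3182 is outside these sections, so any `return` remaining there should be checked for a matching unlock as well.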