v4
Name already in use
Commits on Sep 22, 2022
-
Bug 3193 pt2: NTLM decoder truncating strings (#1114)
The initial bug fix overlooked large 'offset' causing integer wrap to extract a too-short length string. Improve debugs and checks sequence to clarify cases and ensure that all are handled correctly.
-
Commits on Jun 18, 2022
Commits on Sep 29, 2021
-
WCCP: Validate packets better (#899)
Update WCCP to support exception based error handling for parsing and processing we are moving Squid to for protocol handling. Update the main WCCPv2 parsing checks to throw meaningful exceptions when detected.
Commits on Jun 17, 2021
-
Bug 4528: ICAP transactions quit on async DNS lookups (#795)
The bug directly affected some ICAP OPTIONS transactions and indirectly affected some ICAP REQMOD/RESPMOD transactions: * OPTIONS: When a transaction needed to look up an IP address of the ICAP service, and that address was not cached by Squid, it ended prematurely because Adaptation::Icap::Xaction::doneAll() was unaware of ipcache_nbgethostbyname()'s async nature. This bug is fixed now. * REQMOD/RESPMOD: Adaptation::Icap::ModXact masked the _direct_ effects of the bug: ModXact::startWriting() sets state.writing before calling openConnection() which schedules the DNS lookup. That "I am still writing" state makes ModXact::doneAll() false while a REQMOD or RESPMOD transaction waits for the DNS lookup. However, REQMOD and RESPMOD transactions that require an OPTIONS transaction (because the service options have never been fetched before or have expired) could still fail because the OPTIONS transaction they trigger could fail as described in the first bullet. For example, the first few REQMOD and RESPMOD transactions for a given service -- all those started before the DNS lookup completes and Squid caches its result -- could fail this way. With the OPTIONS now fixed, these REQMOD and RESPMOD transactions should work correctly. Broken since inception (commit fb505fa).
-
Bug 5129 pt1: remove Lock use from HttpRequestMethod (#825)
Removes the need for a custom assignment operator with a questionable implementation, addressing compiler and static analysis warnings.
-
Fix --with-valgrind-debug build broken by commit 02f5357 (#822)
error: cbdata_htable was not declared in this scope
-
Bug 5128: Translation: Fix % i typo in es/ERR_FORWARDING_DENIED (#821)
| ERROR: .../es/ERR_FORWARDING_DENIED: Unsupported error page %code near % i es un... Typo added in bbeb83f.
Commits on May 7, 2021
-
Replace cbdata::Offset hack with offsetof() (#809)
Also remove unused OFFSET_OF macro.
-
Stop processing a response if the Store entry is gone (#806)
HttpStateData::processReply() is usually called synchronously, after checking the Store entry status, but there are other call chains. StoreEntry::isAccepting() adds STORE_PENDING check to the ENTRY_ABORTED check. An accepting entry is required for writing into Store. In theory, an entry may stop accepting new writes (without being aborted) if FwdState or another entry co-owner writes an error response due to a timeout or some other problem that happens while we are waiting for an I/O callback or some such. N.B. HTTP and FTP code cannot use StoreEntry::isAccepting() directly because their network readers may not be the ones writing into Store -- the content may go through the adaptation layer first and that layer might complete the store entry before the entire peer response is received. For example, imagine an adaptation service that wants to log the whole response containing a virus but also replaces that (large) response with a small error reply.
-
Bug 5106: Broken cache manager URL parsing (#788)
Use already parsed request-target URL in cache manager and update CacheManager to Tokanizer based URL parse Removing use of sscan() and regex string processing which have proven to be problematic on many levels. Most particularly with regards to tolerance of normally harmless garbage syntax in URLs received. Support for generic URI schemes is added possibly resolving some issues reported with ftp:// URL and manager access via ftp_port sockets. Truly generic support for /squid-internal-mgr/ path prefix is added, fixing some user confusion about its use on cache_object: scheme URLs. TODO: support for single-name parameters and URL #fragments are left to future updates. As is refactoring the QueryParams data storage to avoid SBuf data copying.
-
Fix GCC 10.2.0 build on Ubuntu Hirsute s390x (#796)
GCC reports error: free-nonheap-object: snmp_core.cc(950): snmpCreateOidFromStr
Commits on May 3, 2021
Commits on Apr 4, 2021
-
Bug 5112: Excessively loud chunked reply parsing error reporting (#789)
Traffic parsing errors should be reported at level 2 (or below) because Squid admins can usually do nothing about them and a noisy cache.log hides important problems that they can and should do something about. TODO: Detail this and similar parsing errors for %err_detail logging. Also removed an unnecessary used-once macro.
-
Fix HttpHeaderStats definition to include hoErrorDetail (#787)
... when Squid is built --with-openssl. We were "lucky" that the memory area after HttpHeaderStats was not, apparently, used for anything important enough when HttpHeader::parse(), indirectly called from errorInitialize() during initial Squid configuration, was writing to it. Detected by using AddressSanitizer. The bug was created in commit 02259ff and cemented by commit 2673511.
-
Bug 5104: Memory leak in RFC 2169 response parsing (#778)
A temporary parsing buffer was not being released when parsing completed.
-
Bug 3556: "FD ... is not an open socket" for accept() problems (#777)
Many things could go wrong after Squid successfully accept(2)ed a socket and before that socket was registered with Comm. During that window, the socket is stored in a refcounted Connection object. When that object was auto-destroyed on the error handling path, its attempt to auto-close the socket would trigger level-1 BUG 3556 errors because the socket was not yet opened from Comm point of view. This change eliminates that "already in Connection but not yet in Comm" window. The fixed BUG 3556 errors stalled affected clients and leaked their FDs. TODO: Keeping that window closed should not require a human effort, but achieving that goal probably requires significant changes. We are investigating.
-
-
Squid-to-client write_timeout triggers client_lifetime timeout (#747)
Since commit 5ef5e5c, a socket write timeout triggers two things: * reporting of a write error to the socket writer (as designed/expected) * reporting of a socket read timeout to the socket reader (unexpected). The exact outcome probably depends on the transaction state, but one known manifestation of this bug is the following level-1 message in cache.log, combined with an access.log record showing a much-shorter-than-client_lifetime transaction response time. WARNING: Closing client connection due to lifetime timeout
-
Commits on Jan 31, 2021
-
Bug 5073: Compile error: index was not declared in this scope (#740)
Use strchr(3) instead of a legacy POSIX.1-2001 index(3) API. Also removed the index() implementation on MS Windows as no longer used.
Commits on Jan 30, 2021
Commits on Nov 23, 2020
-
Transactions exceeding client_lifetime are logged as _ABORTED (#748)
... rather than timed out (_TIMEOUT). To record the right cause of death, we have to call terminateAll() rather than setting logType.err.timedout directly. Otherwise, when ConnStateData::swanSong() calls terminateAll(0), it overwrites our direct setting.
-
Fix cachemgr.cgi regression in the bug 4957 fix (#741)
After master commit 2e29287, authenticated CGI interface users could not use the menu links (getting HTTP 403 error). Symptoms in cache.log: CacheManager: unknown@...: password needed for 'menu' CacheManager: <username>@...: incorrect password for 'menu'
-
Bug 5076: WCCP Security Info incorrect (#725)
When generating and validating WCCP2 Security Info use only an 8 byte password.
-
-
Restored support for non-lowercase Transfer-Encoding values (#723)
... after "Improve Transfer-Encoding handling" commit f6dd87e. Folks are reporting Chunked Transfer-Encoding values in real traffic. HTTP requires case-insensitve treatment of codings.
-
Merge pull request from GHSA-jvf6-h9gj-pmj6
* Add slash prefix to path-rootless or path-noscheme URLs * Update src/anyp/Uri.cc Co-authored-by: Alex Rousskov <rousskov@measurement-factory.com> * restore file trailer GH auto-removes * Remove redundant path-empty check * Removed stale comment left behind by b2ab59a Many things imply a leading `/` in a URI. Their enumeration is likely to (and did) become stale, misleading the reader. * fixup: Remind that the `src` iterator may be at its end We are dereferencing `src` without comparing it to `\0`. To many readers that (incorrectly) implies that we are not done iterating yet. Also fixed branch-added comment indentation. Co-authored-by: Alex Rousskov <rousskov@measurement-factory.com>