Skip to content
Branch: v4
Commits on Jul 9, 2019
  1. 4.8 (#434)

    squidadm authored and yadij committed Jul 9, 2019
Commits on Jul 8, 2019
  1. Bug 4957: Multiple XSS issues in cachemgr.cgi (#429)

    yadij committed Jul 5, 2019
    The cachemgr.cgi web module of the squid proxy is vulnerable
    to XSS issue. The vulnerable parameters "user_name" and "auth"
    have insufficient sanitization in place.
Commits on Jul 4, 2019
  1. Fix macro name clash on freebsd (#426)

    kinkie authored and yadij committed Jun 29, 2019
    FreeBSD defines FD_NONE in /usr/include/fcntl.h to be magic to
    the system. We are not using that name explicitly anywhere, but
    it may make sense to keep it around as a default value for
    fd_type. Rename the symbol to avoid the clash and fix the build
    on FreeBSD.
  2. Bug 4842: Memory leak when http_reply_access uses external_acl (#424)

    chtsanti authored and yadij committed Jun 29, 2019
    Http::One::Server::handleReply() sets AccessLogEntry::reply which may
    already be set. It is already set, for example, when the ACL code
    has already called syncAle() because external ACLs require an ALE.
    This bug was introduced by commit fbbea66.
    This is a Measurement Factory project.
  3. Remove userinfo support from old protocols (#419)

    yadij committed Jun 23, 2019
    RFC 1738 defines the URL schemes for gopher and wais as not
    having the userinfo@ segment.
    coap, coaps, whois and cache_object also do not use this segment.
    For these cases we can obey the RFC7230 requirement to ignore the
    segment when producing normalized absolute URL.
    Of the supported protocols only FTP requires userinfo, and because
    we cannot be certain for unknown protocols allow it as well.
  4. Fix handling of tiny invalid responses (#422)

    eduard-bagdasaryan authored and yadij committed Jun 23, 2019
    Squid converted any invalid response shorter than 4 bytes into an
    invalid "HTTP/1.1 0 Init" response (with those received characters and a
    CRLFCRLF suffix as a body). In some cases (e.g., with ICAP RESPMOD), the
    resulting body was not sent to the client at all.
    Now Squid handles such responses the same way it handles any non-HTTP/1
    (and non-ICY) response, converting it into a valid HTTP/200 response
    with an X-Transformed-From:HTTP/0.9 header and received bytes as
    a message body.
  5. Send Connection:close with the known-last request on a connection (#421)

    eduard-bagdasaryan authored and yadij committed Jun 21, 2019
    Squid did not send Connection:close request header on a to-be-closed
    HTTP/1.1 connection, violating RFC 7230 Section 6.6 "SHOULD send"
  6. Update HttpHeader::getAuth to SBuf (#416)

    yadij committed Jun 19, 2019
    Replace the fixed-size buffer for decoding base64 tokens with an
    SBuf to avoid decoder issues on large inputs.
    Update callers to SBuf API operations for more efficient memory
  7. Add the NO_TLSv1_3 option to available tls-options values (#418)

    chtsanti authored and yadij committed Jun 15, 2019
    ... also fix the deprecated sslversion option to exclude tls v1.3 from
    allowed protocols where required.
    This is a Measurement Factory project
Commits on Jun 12, 2019
  1. Fix GCC-9 build issues (#413)

    yadij committed Jun 8, 2019
    GCC-9 continues the development track started with GCC-8
    producing more warnings and errors about possible code issues
    which Squid use of "-Wall -Werror" turns into hard build
     error: 'strncpy' output may be truncated copying 6 bytes from a
       string of length 6 [-Werror=stringop-truncation]
     error: '%s' directive argument is null
     error: 'void* memset(void*, int, size_t)' clearing an object of
      type ... with no trivial copy-assignment; use assignment or
      value-initialization instead [-Werror=class-memaccess]
     error: 'void* memset(void*, int, size_t)' clearing an object of
      non-trivial type ...; use assignment or value-initialization
      instead [-Werror=class-memaccess]
    Also, segmentation faults with minimal builds have been
    identified as std::string template differences between
    optimized and non-optimized object binaries. This results in
    cppunit (built with optimizations) crashing unit tests when
    freeing memory. Workaround that temporarily by removing the use
    of --disable-optimizations from minimal builds.
  2. Fix Digest auth parameter parsing (#415)

    yadij committed Jun 8, 2019
    Only remove quoting if the domain=, uri= or qop= parameter
    value is surrounded by double-quotes.
  3. Bug 4953: to_localhost does not include :: (#410)

    yadij committed Jun 6, 2019
    Some OS treat unspecified destination address as an implicit
    localhost connection attempt. Add ::/128 alongside the
    to_localhost address to let admin forbid these
    connections when DNS entries wrongly contain [::].
    Also, adjust ::1 to ::1/128 to match IPv4 range-based definition
    and clarify that IPv6 localhost is /128 rather than /127.
  4. Fix tls-min-version= being ignored

    yadij committed Nov 10, 2018
    Audit required change to make PeerOptions::parse() call
    parseOptions() when 'options=' altered sslOptions instead of
    delaying the parse to context creation.
    This missed the fact that for GnuTLS the tlsMinVersion was
    also updating the sslOptions string rather than the
    parsedOptions variable later in the configuration process.
    Call parseOptions() to reset the parsedOptions value whenever
    sslOptions string is altered.
  5. Replace uudecode with libnettle base64 decoder (#406)

    yadij committed May 21, 2019
    Since RFC 7235 updated the HTTP Authentication credentials token
    to the token68 characterset it is possible that characters
    uudecode cannot cope with are received.
    The Nettle decoder better handles characters which are valid but
    not to be used for Basic auth token.
  6. Bug 4937: cachemgr.cgi: unallocated memory access (#407)

    yadij committed May 18, 2019
    ... after base64_decode_update
    Ensure that a terminator exists for the decoded string before
    using str*() syscalls.
  7. Bug 4889: Ignore ECONNABORTED in accept(2) (#404)

    mherrb authored and yadij committed May 13, 2019
    An aborted connection attempt does not affect listening socket's
    ability to accept other connections. If the error is not ignored, Squid
    gets stuck after logging an oldAccept error like this one:
        oldAccept ...: (53) Software caused connection abort
    This bug fix was motivated by accept(2) changes in OpenBSD v6.5 that
    resulted in new ECONNABORTED errors under regular deployment conditions:
Commits on May 6, 2019
  1. 4.7

    squidadm authored and yadij committed May 6, 2019
  2. Prep for 4.7

    yadij committed May 4, 2019
  3. Bug 4942: --with-filedescriptors does not do anything (#395)

    yadij committed May 4, 2019
    SQUID_CHECK_MAXFD has been unconditionally overwriting any
    user-defined limit with an auto-detected limit from the build
    machine. The change causing this was an incomplete fix for
    bug 3970 added to v3.3 and later releases.
    Fixing that problem has two notable side effects:
    * the user-defined value now has the FD property checks applied
      to it (multiple of 64, too-few, etc). This means warnings will
      start to appear in build logs for a number of custom
      configurations. We should expect an increase in questions
      about that.
    * builds which have previously been passing in outrageous values
      will actually start to use those values as the SQUID_MAXFD
      limit. This may result in surprising memory consumption or
      performance issues. Hopefully the warnings and new messages
      displaying auto-detected limit separate from the value used
      will reduce the admin surprise, but may not.
    This PR also includes cleanup of the autoconf syntax within the
    SQUID_CHECK_MAXFD macro and moves the ./configure warnings about
    possible issues into that check macro.
  4. Check user-provided PATH for krb5-config (#390)

    yadij committed Apr 13, 2019
    When MIT or Heimdal Keberos libraries are installed at a custom
    location there may be several krb5-config installed. The one
    located at the user-provided path (if any) needs to have preference.
Commits on Apr 26, 2019
  1. Bug 4823: assertion failed: "lowestOffset () <= target_offset" (#394)

    eduard-bagdasaryan authored and squid-anubis committed Apr 19, 2019
    This assertion could be triggered by various swapout failures for
    ufs/aufs/diskd cache_dir entries.
    The bug was caused by 4310f8b change related to storeSwapOutFileClosed()
    method. Before that change, swapout failures resulted in
    StoreEntry::swap_status set to SWAPOUT_NONE, preventing
    another/asserting iteration of StoreEntry::swapOut().
    This fix adds SWAPOUT_FAILED swap status for marking swapout failures
    (instead of reviving and abusing SWAPOUT_NONE), making the code more
    Also removed storeSwapOutFileNotify() implementation.  We should not
    waste time on maintaining an unused method that now contains conflicting
    assertions: swappingOut() and !hasDisk().
Commits on Apr 11, 2019
  1. Bug 4796: !isOpen(conn->fd) assertion when rotating logs (#382)

    rousskov authored and yadij committed Apr 1, 2019
    Squid abandoned cache.log file descriptor maintenance, calling fd_open()
    but then closing the descriptor without fd_close(). If the original file
    descriptor value was reused for another purpose, Squid would either hit
    the reported assertion or log a "Closing open FD" WARNING (depending on
    the new purpose). The cache.log file descriptor is closed on log
    rotation and reconfiguration events.
    This short-term solution avoids assertions and WARNINGs but sacrifices
    cache.log listing in fd_table and, hence, mgr:filedescriptors reports.
    The correct long-term solution is to properly maintain descriptor meta
    information across cache.log closures/openings, but doing so from inside
    of is technically difficult due to linking boundaries/problems.
  2. When using OpenSSL, trust intermediate CAs from trusted stores (#383)

    rousskov authored and yadij committed Mar 19, 2019
    According to [1], GnuTLS and NSS do that by default.
    Use case: Chrome and Mozilla no longer trust Semantic root CAs _but_
    still trust several whitelisted Semantic intermediate CAs[2]. Squid
    built with OpenSSL cannot do that without X509_V_FLAG_PARTIAL_CHAIN.
  3. Bug 4928: Cannot convert non-IPv4 to IPv4 (#379)

    yadij committed Mar 7, 2019
    ... when reaching client_ip_max_connections
    The client_ip_max_connections limit is checked before the TCP dst-IP is located for the newly received TCP connection. This leaves Squid unable to fetch the NFMARK or similar
    details later on (they do not exist for [::]).
    Move client_ip_max_connections test later in the TCP accept process to ensure dst-IP is known when the error is produced.
  4. Made Coverity happier after e863656 (timestamps for FATAL) (#374)

    rousskov authored and yadij committed Feb 24, 2019
    CID 1441976: Uninitialized scalar field (UNINIT_CTOR)
    The forgotten stub data member is currently unused.
  5. Fixed squidclient authentication after 4b19fa9 (Bug 4843 pt2) (#373)

    rousskov authored and yadij committed Feb 24, 2019
    * squidclient -U sent Proxy-Authorization instead of Authorization.
      Code duplication bites again.
    * squidclient -U and -u could sent random garbage after the correct
      [Proxy-]Authorization value as exposed by Coverity CID 1441999: Unused
      value (UNUSED_VALUE). Coverity missed this deeper problem, but
      analyzing its report lead to discovery of the two bugs fixed here.
    Also reduced authentication-related code duplication.
  6. Fix stack-based buffer-overflow when parsing SNMP messages (#319)

    flozilla authored and yadij committed Feb 19, 2019
    Fortunately, this off-by-one bug seems to have no runtime effect.
Commits on Feb 24, 2019
  1. Add support for buffer-size= to UDP logging #359 (#377)

    mahdi1001 authored and yadij committed Feb 24, 2019
    * Add support for buffer-size= to UDP logging #359
    Allow admin control of buffering for log outputs written to UDP
    receivers using the buffer-size= parameter.
    buffer-size=0byte disables buffering and sends UDP packets
    immediately regardless of line size.
    When non-0 values are used lines shorter than the buffer may be
    delayed and aggregated into a later UDP packet.
    Log lines larger than the buffer size will be sent immediately
    and may trigger delivery of previously buffered content to
    retain log order (at time of send, not UDP arrival).
    To avoid truncation problems known with common recipients
    the buffer size remains capped at 1400 bytes.
    * Fixed source code formatting
Commits on Feb 19, 2019
  1. 4.6 (#362)

    squidadm authored and yadij committed Feb 19, 2019
Commits on Feb 17, 2019
  1. Bug 4919: master commit b599471 leaks memory (#364) (#368)

    squidadm authored and yadij committed Feb 17, 2019
    Restored the natural order of the following two notifications:
    * BodyConsumer::noteMoreBodyDataAvailable() and
    * BodyConsumer::noteBodyProductionEnded() or noteBodyProducerAborted().
    Commit b599471 unintentionally reordered those two notifications. Client
    kids (and possibly other BodyConsumers) relied on the natural order to
    end their work. If an HttpStateData job was done with the Squid-to-peer
    connection and only waiting for the last adapted body bytes, it would
    get stuck and leak many objects. This use case was not tested during
    b599471 work.
  2. SourceFormat Enforcement (#367)

    squidadm authored and yadij committed Feb 17, 2019
Commits on Feb 8, 2019
  1. SourceFormat Enforcement

    squidadm authored and yadij committed Feb 7, 2019
  2. basic_ldap_auth: Return BH on internal errors; polished messages (#347)

    amishmm authored and yadij committed Jan 2, 2019
    Basic LDAP auth helper now returns BH instead of ERR in case of errors
    other than LDAP_SECURITY_ERROR, per helper guidelines.
    Motivation: I have a wrapper around Basic LDAP auth helper. If an LDAP
    server is down, then the helper returns BH, and the wrapper uses
    a fallback authentication source.
    Also converted printf() to SEND_*() macros and reduced message
You can’t perform that action at this time.