v4

Commits on Sep 22, 2022

  1. Bug 3193 pt2: NTLM decoder truncating strings (#1114)

    The initial bug fix overlooked large 'offset' causing integer
    wrap to extract a too-short length string.
    
    Improve debugs and checks sequence to clarify cases and ensure
    that all are handled correctly.
    yadij committed Sep 22, 2022
  2. Fix typo in manager ACL (#1113)

    yadij committed Sep 22, 2022

Commits on Jun 18, 2022

Commits on Oct 3, 2021

  1. 4.17 (#908)

    squidadm committed Oct 3, 2021

Commits on Sep 29, 2021

  1. WCCP: Validate packets better (#899)

    Update WCCP to support exception based error handling for
    parsing and processing we are moving Squid to for protocol
    handling.
    
    Update the main WCCPv2 parsing checks to throw meaningful
    exceptions when detected.
    yadij committed Sep 29, 2021

Commits on Jul 5, 2021

  1. 4.16 (#852)

    squidadm committed Jul 5, 2021

Commits on Jun 17, 2021

  1. Bug 4528: ICAP transactions quit on async DNS lookups (#795)

    The bug directly affected some ICAP OPTIONS transactions and indirectly
    affected some ICAP REQMOD/RESPMOD transactions:
    
    * OPTIONS: When a transaction needed to look up an IP address of the
      ICAP service, and that address was not cached by Squid, it ended
      prematurely because Adaptation::Icap::Xaction::doneAll() was unaware
      of ipcache_nbgethostbyname()'s async nature. This bug is fixed now.
    
    * REQMOD/RESPMOD: Adaptation::Icap::ModXact masked the _direct_ effects
      of the bug: ModXact::startWriting() sets state.writing before calling
      openConnection() which schedules the DNS lookup. That "I am still
      writing" state makes ModXact::doneAll() false while a REQMOD or
      RESPMOD transaction waits for the DNS lookup.
    
      However, REQMOD and RESPMOD transactions that require an OPTIONS
      transaction (because the service options have never been fetched
      before or have expired) could still fail because the OPTIONS
      transaction they trigger could fail as described in the first bullet.
      For example, the first few REQMOD and RESPMOD transactions for a given
      service -- all those started before the DNS lookup completes and Squid
      caches its result -- could fail this way. With the OPTIONS now fixed,
      these REQMOD and RESPMOD transactions should work correctly.
    
    Broken since inception (commit fb505fa).
    rousskov authored and yadij committed Jun 17, 2021
  2. Bug 5129 pt1: remove Lock use from HttpRequestMethod (#825)

    Removes the need for a custom assignment operator with a questionable
    implementation, addressing compiler and static analysis warnings.
    yadij committed Jun 17, 2021
  3. Fix --with-valgrind-debug build broken by commit 02f5357 (#822)

        error: cbdata_htable was not declared in this scope
    rousskov authored and yadij committed Jun 17, 2021
  4. Bug 5128: Translation: Fix % i typo in es/ERR_FORWARDING_DENIED (#821)

        | ERROR: .../es/ERR_FORWARDING_DENIED: Unsupported error page %code
        near % i es un...
    
    Typo added in bbeb83f.
    rousskov authored and yadij committed Jun 17, 2021

Commits on May 10, 2021

  1. 4.15 (#818)

    squidadm committed May 10, 2021

Commits on May 7, 2021

  1. Replace cbdata::Offset hack with offsetof() (#809)

    Also remove unused OFFSET_OF macro.
    yadij committed May 7, 2021
  2. Stop processing a response if the Store entry is gone (#806)

    HttpStateData::processReply() is usually called synchronously, after
    checking the Store entry status, but there are other call chains.
    
    StoreEntry::isAccepting() adds STORE_PENDING check to the ENTRY_ABORTED
    check. An accepting entry is required for writing into Store. In theory,
    an entry may stop accepting new writes (without being aborted) if
    FwdState or another entry co-owner writes an error response due to a
    timeout or some other problem that happens while we are waiting for an
    I/O callback or some such.
    
    N.B. HTTP and FTP code cannot use StoreEntry::isAccepting() directly
    because their network readers may not be the ones writing into Store --
    the content may go through the adaptation layer first and that layer
    might complete the store entry before the entire peer response is
    received. For example, imagine an adaptation service that wants to log
    the whole response containing a virus but also replaces that (large)
    response with a small error reply.
    rousskov authored and yadij committed May 7, 2021
  3. Bug 5106: Broken cache manager URL parsing (#788)

    Use already parsed request-target URL in cache manager and
    update CacheManager to Tokenizer based URL parse
    
    Removing use of sscan() and regex string processing which have
    proven to be problematic on many levels. Most particularly with
    regards to tolerance of normally harmless garbage syntax in URLs
    received.
    
    Support for generic URI schemes is added possibly resolving some
    issues reported with ftp:// URL and manager access via ftp_port
    sockets.
    
    Truly generic support for /squid-internal-mgr/ path prefix is
    added, fixing some user confusion about its use on cache_object:
    scheme URLs.
    
    TODO: support for single-name parameters and URL #fragments
    are left to future updates. As is refactoring the QueryParams
    data storage to avoid SBuf data copying.
    yadij committed May 7, 2021
  4. Fix GCC 10.2.0 build on Ubuntu Hirsute s390x (#796)

    GCC reports
     error: free-nonheap-object: snmp_core.cc(950): snmpCreateOidFromStr
    sergiodj authored and yadij committed May 7, 2021

Commits on May 3, 2021

  1. Add missing include (#810)

    yadij committed May 3, 2021

Commits on Apr 6, 2021

  1. Handle more partial responses (#791)

    rousskov authored and yadij committed Apr 6, 2021
  2. Handle more Range requests (#790)

    Also removed some effectively unused code.
    rousskov authored and yadij committed Apr 6, 2021

Commits on Apr 4, 2021

  1. Bug 5112: Excessively loud chunked reply parsing error reporting (#789)

    Traffic parsing errors should be reported at level 2 (or below) because
    Squid admins can usually do nothing about them and a noisy cache.log
    hides important problems that they can and should do something about.
    
    TODO: Detail this and similar parsing errors for %err_detail logging.
    
    Also removed an unnecessary used-once macro.
    rousskov authored and yadij committed Apr 4, 2021
  2. Fix HttpHeaderStats definition to include hoErrorDetail (#787)

    ... when Squid is built --with-openssl.
    
    We were "lucky" that the memory area after HttpHeaderStats was not,
    apparently, used for anything important enough when HttpHeader::parse(),
    indirectly called from errorInitialize() during initial Squid
    configuration, was writing to it.
    
    Detected by using AddressSanitizer.
    
    The bug was created in commit 02259ff and cemented by commit 2673511.
    rousskov authored and yadij committed Apr 4, 2021
  3. Bug 5104: Memory leak in RFC 2169 response parsing (#778)

    A temporary parsing buffer was not being released when
    parsing completed.
    yadij committed Apr 4, 2021
  4. Bug 3556: "FD ... is not an open socket" for accept() problems (#777)

    Many things could go wrong after Squid successfully accept(2)ed a socket
    and before that socket was registered with Comm. During that window, the
    socket is stored in a refcounted Connection object. When that object was
    auto-destroyed on the error handling path, its attempt to auto-close the
    socket would trigger level-1 BUG 3556 errors because the socket was not
    yet opened from Comm point of view. This change eliminates that "already
    in Connection but not yet in Comm" window.
    
    The fixed BUG 3556 errors stalled affected clients and leaked their FDs.
    
    TODO: Keeping that window closed should not require a human effort, but
    achieving that goal probably requires significant changes. We are
    investigating.
    rousskov authored and yadij committed Apr 4, 2021
  5. Squid-to-client write_timeout triggers client_lifetime timeout (#747)

    Since commit 5ef5e5c, a socket write timeout triggers two things:
    * reporting of a write error to the socket writer (as designed/expected)
    * reporting of a socket read timeout to the socket reader (unexpected).
    
    The exact outcome probably depends on the transaction state, but one
    known manifestation of this bug is the following level-1 message in
    cache.log, combined with an access.log record showing a
    much-shorter-than-client_lifetime transaction response time.
    
        WARNING: Closing client connection due to lifetime timeout
    rousskov authored and yadij committed Apr 4, 2021
  6. Fixed a couple of minor typos (#783)

    acli authored and yadij committed Apr 4, 2021

Commits on Feb 4, 2021

  1. 4.14 (#768)

    squidadm committed Feb 4, 2021

Commits on Jan 31, 2021

  1. Bug 5073: Compile error: index was not declared in this scope (#740)

    Use strchr(3) instead of a legacy POSIX.1-2001 index(3) API.
    
    Also removed the index() implementation on MS Windows as no longer used.
    yadij committed Jan 31, 2021

Commits on Jan 30, 2021

Commits on Nov 23, 2020

  1. Transactions exceeding client_lifetime are logged as _ABORTED (#748)

    ... rather than timed out (_TIMEOUT).
    
    To record the right cause of death, we have to call terminateAll()
    rather than setting logType.err.timedout directly. Otherwise, when
    ConnStateData::swanSong() calls terminateAll(0), it overwrites our
    direct setting.
    rousskov authored and yadij committed Nov 23, 2020
  2. Fix cachemgr.cgi regression in the bug 4957 fix (#741)

    After master commit 2e29287, authenticated CGI interface users could not
    use the menu links (getting HTTP 403 error). Symptoms in cache.log:
    
        CacheManager: unknown@...: password needed for 'menu'
        CacheManager: <username>@...: incorrect password for 'menu'
    brozs authored and yadij committed Nov 23, 2020
  3. Bug 5076: WCCP Security Info incorrect (#725)

    When generating and validating WCCP2 Security Info use only an
    8 byte password.
    craiggowing authored and yadij committed Nov 23, 2020
  4. Restored support for non-lowercase Transfer-Encoding values (#723)

    ... after "Improve Transfer-Encoding handling" commit f6dd87e.
    
    Folks are reporting Chunked Transfer-Encoding values in real
    traffic. HTTP requires case-insensitive treatment of codings.
    rousskov authored and yadij committed Nov 23, 2020
  5. Merge pull request from GHSA-jvf6-h9gj-pmj6

    * Add slash prefix to path-rootless or path-noscheme URLs
    
    * Update src/anyp/Uri.cc
    
    Co-authored-by: Alex Rousskov <rousskov@measurement-factory.com>
    
    * restore file trailer GH auto-removes
    
    * Remove redundant path-empty check
    
    * Removed stale comment left behind by b2ab59a
    
    Many things imply a leading `/` in a URI. Their enumeration is likely to
    (and did) become stale, misleading the reader.
    
    * fixup: Remind that the `src` iterator may be at its end
    
    We are dereferencing `src` without comparing it to `\0`.
    To many readers that (incorrectly) implies that we are not done iterating yet.
    
    Also fixed branch-added comment indentation.
    
    Co-authored-by: Alex Rousskov <rousskov@measurement-factory.com>
    yadij and rousskov committed Nov 23, 2020