diff -u -r -N squid-3.2.11/ChangeLog squid-3.2.12/ChangeLog
--- squid-3.2.11/ChangeLog 2013-04-30 16:47:06.000000000 +1200
+++ squid-3.2.12/ChangeLog 2013-07-11 17:25:44.000000000 +1200
@@ -1,4 +1,11 @@
+Changes to squid-3.2.12 (11 Jul 2013):
+
+ - Protect against buffer overrun in DNS query generation
+ - Avoid !closing assertions when helpers call comm_read during reconfigure.
+ - Fix several minor memory leaks during reconfigure
+ - Remove origin_tries limiter on forwarding and permit large max_forward_tries values
+
Changes to squid-3.2.11 (30 Apr 2013):
- Regression Bug 3839: build error: src/tools.h: No such file or directory
diff -u -r -N squid-3.2.11/configure squid-3.2.12/configure
--- squid-3.2.11/configure 2013-04-30 16:47:59.000000000 +1200
+++ squid-3.2.12/configure 2013-07-11 17:27:14.000000000 +1200
@@ -1,7 +1,7 @@
#! /bin/sh
# From configure.ac Revision.
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.11.
+# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.2.12.
#
# Report bugs to .
#
@@ -575,8 +575,8 @@
# Identity of this package.
PACKAGE_NAME='Squid Web Proxy'
PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='3.2.11'
-PACKAGE_STRING='Squid Web Proxy 3.2.11'
+PACKAGE_VERSION='3.2.12'
+PACKAGE_STRING='Squid Web Proxy 3.2.12'
PACKAGE_BUGREPORT='http://bugs.squid-cache.org/'
PACKAGE_URL=''
@@ -1571,7 +1571,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures Squid Web Proxy 3.2.11 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 3.2.12 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1641,7 +1641,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of Squid Web Proxy 3.2.11:";;
+ short | recursive ) echo "Configuration of Squid Web Proxy 3.2.12:";;
esac
cat <<\_ACEOF
@@ -2019,7 +2019,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-Squid Web Proxy configure 3.2.11
+Squid Web Proxy configure 3.2.12
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@@ -3115,7 +3115,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by Squid Web Proxy $as_me 3.2.11, which was
+It was created by Squid Web Proxy $as_me 3.2.12, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@@ -3934,7 +3934,7 @@
# Define the identity of the package.
PACKAGE='squid'
- VERSION='3.2.11'
+ VERSION='3.2.12'
cat >>confdefs.h <<_ACEOF
@@ -30894,7 +30894,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by Squid Web Proxy $as_me 3.2.11, which was
+This file was extended by Squid Web Proxy $as_me 3.2.12, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -30960,7 +30960,7 @@
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-Squid Web Proxy config.status 3.2.11
+Squid Web Proxy config.status 3.2.12
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
diff -u -r -N squid-3.2.11/configure.ac squid-3.2.12/configure.ac
--- squid-3.2.11/configure.ac 2013-04-30 16:47:59.000000000 +1200
+++ squid-3.2.12/configure.ac 2013-07-11 17:27:14.000000000 +1200
@@ -1,4 +1,4 @@
-AC_INIT([Squid Web Proxy],[3.2.11],[http://bugs.squid-cache.org/],[squid])
+AC_INIT([Squid Web Proxy],[3.2.12],[http://bugs.squid-cache.org/],[squid])
AC_PREREQ(2.61)
AC_CONFIG_HEADERS([include/autoconf.h])
AC_CONFIG_AUX_DIR(cfgaux)
diff -u -r -N squid-3.2.11/helpers/basic_auth/DB/basic_db_auth.8 squid-3.2.12/helpers/basic_auth/DB/basic_db_auth.8
--- squid-3.2.11/helpers/basic_auth/DB/basic_db_auth.8 2013-04-30 17:08:15.000000000 +1200
+++ squid-3.2.12/helpers/basic_auth/DB/basic_db_auth.8 2013-07-11 17:49:32.000000000 +1200
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "BASIC_DB_AUTH 1"
-.TH BASIC_DB_AUTH 1 "2013-04-29" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH BASIC_DB_AUTH 1 "2013-07-10" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.2.11/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.2.12/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8
--- squid-3.2.11/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-04-30 17:08:19.000000000 +1200
+++ squid-3.2.12/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-07-11 17:49:34.000000000 +1200
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1"
-.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-04-29" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-07-10" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.2.11/include/version.h squid-3.2.12/include/version.h
--- squid-3.2.11/include/version.h 2013-04-30 16:47:59.000000000 +1200
+++ squid-3.2.12/include/version.h 2013-07-11 17:27:14.000000000 +1200
@@ -9,7 +9,7 @@
*/
#ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1367297224
+#define SQUID_RELEASE_TIME 1373520341
#endif
#ifndef APP_SHORTNAME
diff -u -r -N squid-3.2.11/RELEASENOTES.html squid-3.2.12/RELEASENOTES.html
--- squid-3.2.11/RELEASENOTES.html 2013-04-30 17:08:31.000000000 +1200
+++ squid-3.2.12/RELEASENOTES.html 2013-07-11 17:49:40.000000000 +1200
@@ -1,11 +1,11 @@
-
- Squid 3.2.11 release notes
+
+ Squid 3.2.12 release notes
-Squid 3.2.11 release notes
+Squid 3.2.12 release notes
Squid Developers
@@ -72,7 +72,7 @@
-The Squid Team are pleased to announce the release of Squid-3.2.11.
+The Squid Team are pleased to announce the release of Squid-3.2.12.
This new release is available for download from
http://www.squid-cache.org/Versions/v3/3.2/ or the
mirrors.
diff -u -r -N squid-3.2.11/src/client_db.cc squid-3.2.12/src/client_db.cc
--- squid-3.2.11/src/client_db.cc 2013-04-30 16:47:06.000000000 +1200
+++ squid-3.2.12/src/client_db.cc 2013-07-11 17:25:44.000000000 +1200
@@ -72,8 +72,9 @@
clientdbAdd(const Ip::Address &addr)
{
ClientInfo *c;
- char *buf = new char[MAX_IPSTRLEN];
+ char *buf = static_cast(xmalloc(MAX_IPSTRLEN)); // becomes hash.key
c = (ClientInfo *)memAllocate(MEM_CLIENT_INFO);
+ debugs(77, 9, "ClientInfo constructed, this=" << c);
c->hash.key = addr.NtoA(buf,MAX_IPSTRLEN);
c->addr = addr;
#if USE_DELAY_POOLS
@@ -355,6 +356,7 @@
}
#endif
+ debugs(77, 9, "ClientInfo destructed, this=" << c);
memFree(c, MEM_CLIENT_INFO);
}
diff -u -r -N squid-3.2.11/src/dns_internal.cc squid-3.2.12/src/dns_internal.cc
--- squid-3.2.11/src/dns_internal.cc 2013-04-30 16:47:06.000000000 +1200
+++ squid-3.2.12/src/dns_internal.cc 2013-07-11 17:25:44.000000000 +1200
@@ -1660,23 +1660,29 @@
void
idnsALookup(const char *name, IDNSCB * callback, void *data)
{
- unsigned int i;
- int nd = 0;
- idns_query *q;
+ size_t nameLength = strlen(name);
+
+ // Prevent buffer overflow on q->name
+ if (nameLength > NS_MAXDNAME) {
+ debugs(23, DBG_IMPORTANT, "SECURITY ALERT: DNS name too long to perform lookup: '" << name << "'. see access.log for details.");
+ callback(data, NULL, 0, "Internal error");
+ return;
+ }
if (idnsCachedLookup(name, callback, data))
return;
- q = cbdataAlloc(idns_query);
+ idns_query *q = cbdataAlloc(idns_query);
// idns_query is POD so no constructors are called after allocation
q->xact_id.change();
q->query_id = idnsQueryID();
- for (i = 0; i < strlen(name); ++i)
+ int nd = 0;
+ for (unsigned int i = 0; i < nameLength; ++i)
if (name[i] == '.')
++nd;
- if (Config.onoff.res_defnames && npc > 0 && name[strlen(name)-1] != '.') {
+ if (Config.onoff.res_defnames && npc > 0 && name[nameLength-1] != '.') {
q->do_searchpath = 1;
} else {
q->do_searchpath = 0;
diff -u -r -N squid-3.2.11/src/forward.cc squid-3.2.12/src/forward.cc
--- squid-3.2.11/src/forward.cc 2013-04-30 16:47:06.000000000 +1200
+++ squid-3.2.12/src/forward.cc 2013-07-11 17:25:44.000000000 +1200
@@ -515,10 +515,7 @@
if (!entry->isEmpty())
return false;
- if (n_tries > 10)
- return false;
-
- if (origin_tries > 2)
+ if (n_tries > Config.forward_max_tries)
return false;
if (squid_curtime - start_t > Config.Timeout.forward)
@@ -940,9 +937,6 @@
debugs(17, 3, HERE << "reusing pconn " << serverConnection());
++n_tries;
- if (!serverConnection()->getPeer())
- ++origin_tries;
-
comm_add_close_handler(serverConnection()->fd, fwdServerClosedWrapper, this);
/* Update server side TOS and Netfilter mark on the connection. */
@@ -1131,9 +1125,6 @@
if (n_tries > Config.forward_max_tries)
return 0;
- if (origin_tries > 1)
- return 0;
-
if (request->bodyNibbled())
return 0;
diff -u -r -N squid-3.2.11/src/forward.h squid-3.2.12/src/forward.h
--- squid-3.2.11/src/forward.h 2013-04-30 16:47:06.000000000 +1200
+++ squid-3.2.12/src/forward.h 2013-07-11 17:25:44.000000000 +1200
@@ -97,7 +97,6 @@
Comm::ConnectionPointer clientConn; ///< a possibly open connection to the client.
time_t start_t;
int n_tries;
- int origin_tries;
// AsyncCalls which we set and may need cancelling.
struct {
diff -u -r -N squid-3.2.11/src/helper.cc squid-3.2.12/src/helper.cc
--- squid-3.2.11/src/helper.cc 2013-04-30 16:47:06.000000000 +1200
+++ squid-3.2.12/src/helper.cc 2013-07-11 17:25:44.000000000 +1200
@@ -38,6 +38,7 @@
#include "comm/Connection.h"
#include "comm/Write.h"
#include "helper.h"
+#include "fde.h"
#include "format/Quoting.h"
#include "MemBuf.h"
#include "SquidMath.h"
@@ -750,7 +751,7 @@
safe_free(srv->requests);
cbdataReferenceDone(srv->parent);
- cbdataFree(srv);
+ delete srv;
}
static void
@@ -812,7 +813,7 @@
cbdataReferenceDone(srv->parent);
- cbdataFree(srv);
+ delete srv;
}
/// Calls back with a pointer to the buffer with the helper output
@@ -920,7 +921,7 @@
helperReturnBuffer(i, srv, hlp, msg, t);
}
- if (Comm::IsConnOpen(srv->readPipe)) {
+ if (Comm::IsConnOpen(srv->readPipe) && !fd_table[srv->readPipe->fd].closing()) {
int spaceSize = srv->rbuf_sz - srv->roffset - 1;
assert(spaceSize >= 0);
@@ -1021,7 +1022,7 @@
helperStatefulReleaseServer(srv);
}
- if (Comm::IsConnOpen(srv->readPipe)) {
+ if (Comm::IsConnOpen(srv->readPipe) && !fd_table[srv->readPipe->fd].closing()) {
int spaceSize = srv->rbuf_sz - srv->roffset - 1;
assert(spaceSize >= 0);
diff -u -r -N squid-3.2.11/src/HttpHeader.cc squid-3.2.12/src/HttpHeader.cc
--- squid-3.2.11/src/HttpHeader.cc 2013-04-30 16:47:06.000000000 +1200
+++ squid-3.2.12/src/HttpHeader.cc 2013-07-11 17:25:44.000000000 +1200
@@ -433,37 +433,37 @@
PROF_start(HttpHeaderClean);
- /*
- * An unfortunate bug. The entries array is initialized
- * such that count is set to zero. httpHeaderClean() seems to
- * be called both when 'hdr' is created, and destroyed. Thus,
- * we accumulate a large number of zero counts for 'hdr' before
- * it is ever used. Can't think of a good way to fix it, except
- * adding a state variable that indicates whether or not 'hdr'
- * has been used. As a hack, just never count zero-sized header
- * arrays.
- */
-
if (owner <= hoReply) {
+ /*
+ * An unfortunate bug. The entries array is initialized
+ * such that count is set to zero. httpHeaderClean() seems to
+ * be called both when 'hdr' is created, and destroyed. Thus,
+ * we accumulate a large number of zero counts for 'hdr' before
+ * it is ever used. Can't think of a good way to fix it, except
+ * adding a state variable that indicates whether or not 'hdr'
+ * has been used. As a hack, just never count zero-sized header
+ * arrays.
+ */
if (0 != entries.count)
HttpHeaderStats[owner].hdrUCountDistr.count(entries.count);
++ HttpHeaderStats[owner].destroyedCount;
HttpHeaderStats[owner].busyDestroyedCount += entries.count > 0;
+ } // if (owner <= hoReply)
- while ((e = getEntry(&pos))) {
- /* tmp hack to try to avoid coredumps */
+ while ((e = getEntry(&pos))) {
+ /* tmp hack to try to avoid coredumps */
- if (e->id < 0 || e->id >= HDR_ENUM_END) {
- debugs(55, 0, "HttpHeader::clean BUG: entry[" << pos << "] is invalid (" << e->id << "). Ignored.");
- } else {
+ if (e->id < 0 || e->id >= HDR_ENUM_END) {
+ debugs(55, DBG_CRITICAL, "HttpHeader::clean BUG: entry[" << pos << "] is invalid (" << e->id << "). Ignored.");
+ } else {
+ if (owner <= hoReply)
HttpHeaderStats[owner].fieldTypeDistr.count(e->id);
- /* yes, this deletion leaves us in an inconsistent state */
- delete e;
- }
+ /* yes, this deletion leaves us in an inconsistent state */
+ delete e;
}
- } // if (owner <= hoReply)
+ }
entries.clean();
httpHeaderMaskInit(&mask, 0);
len = 0;