diff -u -r -N squid-3.0.STABLE16/bootstrap.sh squid-3.0.STABLE17/bootstrap.sh --- squid-3.0.STABLE16/bootstrap.sh 2009-06-15 19:31:05.000000000 +1200 +++ squid-3.0.STABLE17/bootstrap.sh 2009-07-27 00:24:36.000000000 +1200 @@ -8,7 +8,7 @@ # to match the versions you want to use, or set the variables on # the command line like "env acver=.. amver=... ./bootstrap.sh" acversions="${acver:-2.62 2.61 2.59 2.57 2.53 2.52}" -amversions="${amver:-1.10 1.9 1.7 1.6 1.5}" +amversions="${amver:-1.11 1.10 1.9}" ltversions="${ltver:-1.5 1.4}" check_version() diff -u -r -N squid-3.0.STABLE16/ChangeLog squid-3.0.STABLE17/ChangeLog --- squid-3.0.STABLE16/ChangeLog 2009-06-15 19:31:05.000000000 +1200 +++ squid-3.0.STABLE17/ChangeLog 2009-07-27 00:24:36.000000000 +1200 @@ -1,3 +1,16 @@ +Changes to squid-3.0.STABLE17 (27 Jul 2009): + + - Bug 2680 regression: Crash after rotate with no helpers running + - Bug 2710: squid_kerb_auth non-terminated string + - Bug 2679: strsep and strtoll detection failure + - Bug 2674: Remove limit on HTTP headers read. + - Bug 2659: String length overflows on append, leading to segfaults + - Bug 2620: Invalid HTTP response codes causes segfault + - Bug 2080: wbinfo_group.pl - false positive under certain conditions + - Bug 1087: ESI processor not quoting attributes correctly. + - Fix: issue with AUFS/UFS/DiskD writing objects to disk cache + - Several small build issues with previous release. + Changes to squid-3.0.STABLE16 (15 Jun 2009): - Bug 2672: cacheMemMaxSize 32-bit overflow during snmpwalk diff -u -r -N squid-3.0.STABLE16/configure squid-3.0.STABLE17/configure --- squid-3.0.STABLE16/configure 2009-06-15 19:31:33.000000000 +1200 +++ squid-3.0.STABLE17/configure 2009-07-27 00:24:48.000000000 +1200 
@@ -1,7 +1,7 @@ #! /bin/sh -# From configure.in Revision: 1.488.2.3 . +# From configure.in Revision. # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.62 for Squid Web Proxy 3.0.STABLE16. +# Generated by GNU Autoconf 2.62 for Squid Web Proxy 3.0.STABLE17. # # Report bugs to . # @@ -751,8 +751,8 @@ # Identity of this package. PACKAGE_NAME='Squid Web Proxy' PACKAGE_TARNAME='squid' -PACKAGE_VERSION='3.0.STABLE16' -PACKAGE_STRING='Squid Web Proxy 3.0.STABLE16' +PACKAGE_VERSION='3.0.STABLE17' +PACKAGE_STRING='Squid Web Proxy 3.0.STABLE17' PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/' ac_unique_file="src/main.cc" @@ -1011,10 +1011,6 @@ USE_KQUEUE_FALSE USE_DEVPOLL_TRUE USE_DEVPOLL_FALSE -NEED_OWN_STRSEP_TRUE -NEED_OWN_STRSEP_FALSE -NEED_OWN_STRTOLL_TRUE -NEED_OWN_STRTOLL_FALSE REGEXLIB LIBREGEX XTRA_OBJS @@ -1668,7 +1664,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures Squid Web Proxy 3.0.STABLE16 to adapt to many kinds of systems. +\`configure' configures Squid Web Proxy 3.0.STABLE17 to adapt to many kinds of systems. Usage: $0 [OPTION]... [VAR=VALUE]... @@ -1738,7 +1734,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of Squid Web Proxy 3.0.STABLE16:";; + short | recursive ) echo "Configuration of Squid Web Proxy 3.0.STABLE17:";; esac cat <<\_ACEOF @@ -2050,7 +2046,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -Squid Web Proxy configure 3.0.STABLE16 +Squid Web Proxy configure 3.0.STABLE17 generated by GNU Autoconf 2.62 Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001, 
@@ -2064,7 +2060,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by Squid Web Proxy $as_me 3.0.STABLE16, which was +It was created by Squid Web Proxy $as_me 3.0.STABLE17, which was generated by GNU Autoconf 2.62. Invocation command line was $ $0 $@ @@ -2782,7 +2778,7 @@ # Define the identity of the package. PACKAGE='squid' - VERSION='3.0.STABLE16' + VERSION='3.0.STABLE17' cat >>confdefs.h <<_ACEOF @@ -5543,7 +5539,7 @@ ;; *-*-irix6*) # Find out which ABI we are using. - echo '#line 5546 "configure"' > conftest.$ac_ext + echo '#line 5542 "configure"' > conftest.$ac_ext if { (eval echo "$as_me:$LINENO: \"$ac_compile\"") >&5 (eval $ac_compile) 2>&5 ac_status=$? @@ -8166,11 +8162,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8169: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8165: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8173: \$? = $ac_status" >&5 + echo "$as_me:8169: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -8456,11 +8452,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8459: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8455: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:8463: \$? = $ac_status" >&5 + echo "$as_me:8459: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
@@ -8560,11 +8556,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:8563: $lt_compile\"" >&5) + (eval echo "\"\$as_me:8559: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:8567: \$? = $ac_status" >&5 + echo "$as_me:8563: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -10960,7 +10956,7 @@ lt_dlunknown=0; lt_dlno_uscore=1; lt_dlneed_uscore=2 lt_status=$lt_dlunknown cat > conftest.$ac_ext < conftest.$ac_ext <&5) + (eval echo "\"\$as_me:13468: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:13476: \$? = $ac_status" >&5 + echo "$as_me:13472: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -13573,11 +13569,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:13576: $lt_compile\"" >&5) + (eval echo "\"\$as_me:13572: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:13580: \$? = $ac_status" >&5 + echo "$as_me:13576: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized 
@@ -15156,11 +15152,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15159: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15155: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:15163: \$? = $ac_status" >&5 + echo "$as_me:15159: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -15260,11 +15256,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:15263: $lt_compile\"" >&5) + (eval echo "\"\$as_me:15259: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:15267: \$? = $ac_status" >&5 + echo "$as_me:15263: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -17475,11 +17471,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:17478: $lt_compile\"" >&5) + (eval echo "\"\$as_me:17474: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:17482: \$? = $ac_status" >&5 + echo "$as_me:17478: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. 
@@ -17765,11 +17761,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:17768: $lt_compile\"" >&5) + (eval echo "\"\$as_me:17764: $lt_compile\"" >&5) (eval "$lt_compile" 2>conftest.err) ac_status=$? cat conftest.err >&5 - echo "$as_me:17772: \$? = $ac_status" >&5 + echo "$as_me:17768: \$? = $ac_status" >&5 if (exit $ac_status) && test -s "$ac_outfile"; then # The compiler can only warn and ignore the option if not recognized # So say no if there are warnings other than the usual output. @@ -17869,11 +17865,11 @@ -e 's:.*FLAGS}\{0,1\} :&$lt_compiler_flag :; t' \ -e 's: [^ ]*conftest\.: $lt_compiler_flag&:; t' \ -e 's:$: $lt_compiler_flag:'` - (eval echo "\"\$as_me:17872: $lt_compile\"" >&5) + (eval echo "\"\$as_me:17868: $lt_compile\"" >&5) (eval "$lt_compile" 2>out/conftest.err) ac_status=$? cat out/conftest.err >&5 - echo "$as_me:17876: \$? = $ac_status" >&5 + echo "$as_me:17872: \$? = $ac_status" >&5 if (exit $ac_status) && test -s out/conftest2.$ac_objext then # The compiler can only warn and ignore the option if not recognized @@ -45006,8 +45002,6 @@ - - for ac_func in \ backtrace_symbols_fd \ bcopy \ @@ -45064,8 +45058,6 @@ srand48 \ srandom \ statfs \ - strsep \ - strtoll \ sysconf \ syslog \ timegm \ @@ -45173,10 +45165,14 @@ + + for ac_func in \ drand48 \ initgroups \ strerror \ + strsep \ + strtoll \ tempnam \ do 
@@ -45937,45 +45933,6 @@ fi - - if false; then - NEED_OWN_STRSEP_TRUE= - NEED_OWN_STRSEP_FALSE='#' -else - NEED_OWN_STRSEP_TRUE='#' - NEED_OWN_STRSEP_FALSE= -fi - -if test "$ac_cv_func_strsep" = "no" ; then - if true; then - NEED_OWN_STRSEP_TRUE= - NEED_OWN_STRSEP_FALSE='#' -else - NEED_OWN_STRSEP_TRUE='#' - NEED_OWN_STRSEP_FALSE= -fi - -fi - - if false; then - NEED_OWN_STRTOLL_TRUE= - NEED_OWN_STRTOLL_FALSE='#' -else - NEED_OWN_STRTOLL_TRUE='#' - NEED_OWN_STRTOLL_FALSE= -fi - -if test "$ac_cv_func_strtoll" = "no" ; then - if true; then - NEED_OWN_STRTOLL_TRUE= - NEED_OWN_STRTOLL_FALSE='#' -else - NEED_OWN_STRTOLL_TRUE='#' - NEED_OWN_STRTOLL_FALSE= -fi - -fi - { $as_echo "$as_me:$LINENO: checking if va_copy is implemented" >&5 $as_echo_n "checking if va_copy is implemented... " >&6; } if test "${ac_cv_func_va_copy+set}" = set; then 
@@ -47803,34 +47760,6 @@ Usually this means the macro was only invoked conditionally." >&2;} { (exit 1); exit 1; }; } fi -if test -z "${NEED_OWN_STRSEP_TRUE}" && test -z "${NEED_OWN_STRSEP_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"NEED_OWN_STRSEP\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"NEED_OWN_STRSEP\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${NEED_OWN_STRSEP_TRUE}" && test -z "${NEED_OWN_STRSEP_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"NEED_OWN_STRSEP\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"NEED_OWN_STRSEP\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${NEED_OWN_STRTOLL_TRUE}" && test -z "${NEED_OWN_STRTOLL_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"NEED_OWN_STRTOLL\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"NEED_OWN_STRTOLL\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi -if test -z "${NEED_OWN_STRTOLL_TRUE}" && test -z "${NEED_OWN_STRTOLL_FALSE}"; then - { { $as_echo "$as_me:$LINENO: error: conditional \"NEED_OWN_STRTOLL\" was never defined. -Usually this means the macro was only invoked conditionally." >&5 -$as_echo "$as_me: error: conditional \"NEED_OWN_STRTOLL\" was never defined. -Usually this means the macro was only invoked conditionally." >&2;} - { (exit 1); exit 1; }; } -fi : ${CONFIG_STATUS=./config.status} ac_write_fail=0 
@@ -48153,7 +48082,7 @@ # report actual input values of CONFIG_FILES etc. instead of their # values after options handling. ac_log=" -This file was extended by Squid Web Proxy $as_me 3.0.STABLE16, which was +This file was extended by Squid Web Proxy $as_me 3.0.STABLE17, which was generated by GNU Autoconf 2.62. Invocation command line was CONFIG_FILES = $CONFIG_FILES @@ -48206,7 +48135,7 @@ _ACEOF cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1 ac_cs_version="\\ -Squid Web Proxy config.status 3.0.STABLE16 +Squid Web Proxy config.status 3.0.STABLE17 configured by $0, generated by GNU Autoconf 2.62, with options \\"`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`\\" diff -u -r -N squid-3.0.STABLE16/configure.in squid-3.0.STABLE17/configure.in --- squid-3.0.STABLE16/configure.in 2009-06-15 19:31:33.000000000 +1200 +++ squid-3.0.STABLE17/configure.in 2009-07-27 00:24:48.000000000 +1200 @@ -1,13 +1,13 @@ dnl Configuration input file for Squid dnl dnl -AC_INIT(Squid Web Proxy, 3.0.STABLE16, http://www.squid-cache.org/bugs/, squid) +AC_INIT(Squid Web Proxy, 3.0.STABLE17, http://www.squid-cache.org/bugs/, squid) AC_PREREQ(2.52) AM_CONFIG_HEADER(include/autoconf.h) AC_CONFIG_AUX_DIR(cfgaux) AC_CONFIG_SRCDIR([src/main.cc]) AM_INIT_AUTOMAKE([tar-ustar]) -AC_REVISION($Revision: 1.488.2.3 $)dnl +AC_REVISION($Revision$)dnl AC_PREFIX_DEFAULT(/usr/local/squid) AM_MAINTAINER_MODE @@ -2651,8 +2651,6 @@ srand48 \ srandom \ statfs \ - strsep \ - strtoll \ sysconf \ syslog \ timegm \ @@ -2663,6 +2661,8 @@ drand48 \ initgroups \ strerror \ + strsep \ + strtoll \ tempnam \ ) 
@@ -2809,17 +2809,6 @@ AC_DEFINE(HAVE_STRNSTR,0,[Yay! A MacOS X brokenness. Its not good enough to know that strnstr() exists, because MacOSX 10.4 and earlier may have a buffer overrun.]) fi - -AM_CONDITIONAL(NEED_OWN_STRSEP, false) -if test "$ac_cv_func_strsep" = "no" ; then - AM_CONDITIONAL(NEED_OWN_STRSEP, true) -fi - -AM_CONDITIONAL(NEED_OWN_STRTOLL, false) -if test "$ac_cv_func_strtoll" = "no" ; then - AM_CONDITIONAL(NEED_OWN_STRTOLL, true) -fi - dnl dnl Test for va_copy dnl diff -u -r -N squid-3.0.STABLE16/helpers/basic_auth/NCSA/crypt_md5.c squid-3.0.STABLE17/helpers/basic_auth/NCSA/crypt_md5.c --- squid-3.0.STABLE16/helpers/basic_auth/NCSA/crypt_md5.c 2009-06-15 19:31:13.000000000 +1200 +++ squid-3.0.STABLE17/helpers/basic_auth/NCSA/crypt_md5.c 2009-07-27 00:24:41.000000000 +1200 @@ -14,12 +14,16 @@ * Origin: Id: crypt.c,v 1.3 1995/05/30 05:42:22 rgrimes Exp * */ +#include "config.h" +#if HAVE_STRING_H #include +#endif +#if HAVE_STDIO_H #include -#include "config.h" -#include "md5.h" +#endif +#include "md5.h" #include "crypt_md5.h" static unsigned char itoa64[] = /* 0 ... 63 => ascii - 64 */ diff -u -r -N squid-3.0.STABLE16/helpers/basic_auth/NCSA/ncsa_auth.c squid-3.0.STABLE17/helpers/basic_auth/NCSA/ncsa_auth.c --- squid-3.0.STABLE16/helpers/basic_auth/NCSA/ncsa_auth.c 2009-06-15 19:31:14.000000000 +1200 +++ squid-3.0.STABLE17/helpers/basic_auth/NCSA/ncsa_auth.c 2009-07-27 00:24:41.000000000 +1200 @@ -18,6 +18,7 @@ */ #include "config.h" + #if HAVE_STDIO_H #include #endif diff -u -r -N squid-3.0.STABLE16/helpers/external_acl/wbinfo_group/wbinfo_group.pl squid-3.0.STABLE17/helpers/external_acl/wbinfo_group/wbinfo_group.pl --- squid-3.0.STABLE16/helpers/external_acl/wbinfo_group/wbinfo_group.pl 2009-06-15 19:31:15.000000000 +1200 +++ squid-3.0.STABLE17/helpers/external_acl/wbinfo_group/wbinfo_group.pl 2009-07-27 00:24:41.000000000 +1200 
@@ -50,6 +50,8 @@ $groupGID = `wbinfo -Y "$groupSID"`; chop $groupGID; &debug( "User: -$user-\nGroup: -$group-\nSID: -$groupSID-\nGID: -$groupGID-"); + return 'ERR' if($groupGID eq ""); # Verify if groupGID variable is empty. + return 'ERR' if(`wbinfo -r \Q$user\E` eq ""); # Verify if "wbinfo -r" command returns no value. return 'OK' if(`wbinfo -r \Q$user\E` =~ /^$groupGID$/m); return 'ERR'; } diff -u -r -N squid-3.0.STABLE16/helpers/negotiate_auth/squid_kerb_auth/Makefile.am squid-3.0.STABLE17/helpers/negotiate_auth/squid_kerb_auth/Makefile.am --- squid-3.0.STABLE16/helpers/negotiate_auth/squid_kerb_auth/Makefile.am 2009-06-15 19:31:22.000000000 +1200 +++ squid-3.0.STABLE17/helpers/negotiate_auth/squid_kerb_auth/Makefile.am 2009-07-27 00:24:44.000000000 +1200 @@ -16,7 +16,7 @@ squid_kerb_auth_SOURCES = $(SOURCE) $(SPNEGO) endif -AM_CPPFLAGS = $(KERBINCS) -I$(srcdir)/spnegohelp -I. +INCLUDES = -I$(top_srcdir)/include $(KERBINCS) -I$(srcdir)/spnegohelp -I. #-I$(top_srcdir)/include -I$(top_srcdir)/src LDADD = $(KERBLIBS) #-L$(top_builddir)/lib -lmiscutil $(XTRA_LIBS) diff -u -r -N squid-3.0.STABLE16/helpers/negotiate_auth/squid_kerb_auth/Makefile.in squid-3.0.STABLE17/helpers/negotiate_auth/squid_kerb_auth/Makefile.in --- squid-3.0.STABLE16/helpers/negotiate_auth/squid_kerb_auth/Makefile.in 2009-06-15 19:31:22.000000000 +1200 +++ squid-3.0.STABLE17/helpers/negotiate_auth/squid_kerb_auth/Makefile.in 2009-07-27 00:24:44.000000000 +1200 
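Review bot: The two added guards and the existing match can run `wbinfo -r` twice for a single lookup, so the emptiness test and the group match may see different output if winbind's answer changes between the calls. Capture the output once, for example `my $gids = qx(wbinfo -r \Q$user\E);`, and test `$gids` in both places. `$groupGID` is also interpolated unescaped into `/^$groupGID$/m`; now that it is checked for emptiness, requiring it to be numeric (`return 'ERR' unless $groupGID =~ /^\d+$/;`) would keep unexpected wbinfo output out of the pattern. The enclosing sub starts outside the hunk.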
@@ -262,7 +262,7 @@ EXTRA_DIST = readme.txt do.sh @HAVE_SPNEGO_FALSE@squid_kerb_auth_SOURCES = $(SOURCE) $(SPNEGO) @HAVE_SPNEGO_TRUE@squid_kerb_auth_SOURCES = $(SOURCE) -AM_CPPFLAGS = $(KERBINCS) -I$(srcdir)/spnegohelp -I. +INCLUDES = -I$(top_srcdir)/include $(KERBINCS) -I$(srcdir)/spnegohelp -I. #-I$(top_srcdir)/include -I$(top_srcdir)/src LDADD = $(KERBLIBS) #-L$(top_builddir)/lib -lmiscutil $(XTRA_LIBS) diff -u -r -N squid-3.0.STABLE16/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c squid-3.0.STABLE17/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c --- squid-3.0.STABLE16/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c 2009-06-15 19:31:22.000000000 +1200 +++ squid-3.0.STABLE17/helpers/negotiate_auth/squid_kerb_auth/squid_kerb_auth.c 2009-07-27 00:24:44.000000000 +1200 @@ -191,6 +191,7 @@ { char buf[MAX_AUTHTOKEN_LEN]; char *c; + char *user=NULL; int length=0; static int err=0; int opt, debug=0, loging=0; @@ -283,7 +284,7 @@ } if (debug) - fprintf(stderr, "%s| %s: Got '%s' from squid (length: %d).\n", LogTime(), PROGRAM, buf?buf:"NULL",length); + fprintf(stderr, "%s| %s: Got '%.*s' from squid (length: %d).\n", LogTime(), PROGRAM, length, buf, length); if (buf[0] == '\0') { if (debug) 
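Review bot: In the `@@ -283,7 +284,7 @@` hunk the reworked debug line still writes the whole request received from squid to stderr whenever `debug` is set, and that request appears to carry the client's Negotiate token. Tokens are authentication material, so logging only the length, or a short fixed-size prefix through the same `%.*s` mechanism, would keep them out of debug logs. Separately, `%.*s` treats a negative precision as if it were omitted, so the bound holds only if `length` can never be negative at this point; it is assigned outside the hunk.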
@@ -475,11 +476,20 @@ if (check_gss_err(major_status,minor_status,"gss_display_name()",debug,loging) ) goto cleanup; - fprintf(stdout, "AF %s %s\n",token,(char *)output_token.value); + user=malloc(output_token.length+1); + if (user == NULL) { + if (debug) + fprintf(stderr, "%s| %s: Not enough memory\n", LogTime(), PROGRAM); + fprintf(stdout, "BH Not enough memory\n"); + goto cleanup; + } + memcpy(user,output_token.value,output_token.length); + user[output_token.length]='\0'; + fprintf(stdout, "AF %s %s\n",token,user); if (debug) - fprintf(stderr, "%s| %s: AF %s %s\n", LogTime(), PROGRAM, token,(char *)output_token.value); + fprintf(stderr, "%s| %s: AF %s %s\n", LogTime(), PROGRAM, token,user); if (loging) - fprintf(stderr, "%s| %s: User %s authenticated\n", LogTime(), PROGRAM, (char *)output_token.value); + fprintf(stderr, "%s| %s: User %s authenticated\n", LogTime(), PROGRAM, user); goto cleanup; } else { if (check_gss_err(major_status,minor_status,"gss_accept_sec_context()",debug,loging) ) @@ -499,11 +509,20 @@ /* * Return dummy token AA. May need an extra return tag then AF */ - fprintf(stdout, "AF %s %s\n","AA==",(char *)output_token.value); + user=malloc(output_token.length+1); + if (user == NULL) { + if (debug) + fprintf(stderr, "%s| %s: Not enough memory\n", LogTime(), PROGRAM); + fprintf(stdout, "BH Not enough memory\n"); + goto cleanup; + } + memcpy(user,output_token.value,output_token.length); + user[output_token.length]='\0'; + fprintf(stdout, "AF %s %s\n","AA==",user); if (debug) - fprintf(stderr, "%s| %s: AF %s %s\n", LogTime(), PROGRAM, "AA==", (char *)output_token.value); + fprintf(stderr, "%s| %s: AF %s %s\n", LogTime(), PROGRAM, "AA==", user); if (loging) - fprintf(stderr, "%s| %s: User %s authenticated\n", LogTime(), PROGRAM, (char *)output_token.value); + fprintf(stderr, "%s| %s: User %s authenticated\n", LogTime(), PROGRAM, user); cleanup: gss_release_buffer(&minor_status, &input_token); 
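Review bot: The same malloc/memcpy/terminate sequence is added twice, here after gss_display_name() and again in the `@@ -499,11 +509,20 @@` hunk before the dummy `AA==` reply; a small static helper would keep the two copies from drifting apart. The copy fixes the unterminated read, but the name is still written unescaped into the line-oriented `AF` reply and the log lines, so it is worth confirming that whitespace or control characters cannot appear in it (not visible here). The helper below assumes `output_token` is a `gss_buffer_desc`, which the surrounding calls suggest but the hunk does not show. The enclosing function continues outside both hunks.

```c
/* Return a NUL-terminated heap copy of a GSS buffer, or NULL if malloc fails. */
static char *
gss_buffer_to_string(const gss_buffer_desc *b)
{
    char *s = malloc(b->length + 1);
    if (s == NULL)
        return NULL;
    memcpy(s, b->value, b->length);
    s[b->length] = '\0';
    return s;
}

/* … unchanged: gss_display_name() call and check_gss_err() … */
user = gss_buffer_to_string(&output_token);
if (user == NULL) {
    /* … unchanged: "Not enough memory" debug line and BH reply … */
    goto cleanup;
}
/* … unchanged: AF reply and log lines using user … */
```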
@@ -528,6 +547,10 @@ free(token); token=NULL; } + if (user) { + free(user); + user=NULL; + } continue; } } diff -u -r -N squid-3.0.STABLE16/include/version.h squid-3.0.STABLE17/include/version.h --- squid-3.0.STABLE16/include/version.h 2009-06-15 19:31:33.000000000 +1200 +++ squid-3.0.STABLE17/include/version.h 2009-07-27 00:24:48.000000000 +1200 @@ -9,5 +9,5 @@ */ #ifndef SQUID_RELEASE_TIME -#define SQUID_RELEASE_TIME 1245051062 +#define SQUID_RELEASE_TIME 1248611075 #endif diff -u -r -N squid-3.0.STABLE16/lib/Makefile.am squid-3.0.STABLE17/lib/Makefile.am --- squid-3.0.STABLE16/lib/Makefile.am 2009-06-15 19:31:24.000000000 +1200 +++ squid-3.0.STABLE17/lib/Makefile.am 2009-07-27 00:24:45.000000000 +1200 @@ -18,17 +18,6 @@ XPROF_STATS_SOURCE = endif -if NEED_OWN_STRSEP -STRSEPSOURCE=strsep.c -else -STRSEPSOURCE= -endif -if NEED_OWN_STRTOLL -STRTOLLSOURCE=strtoll.c -else -STRTOLLSOURCE= -endif - if ENABLE_WIN32SPECIFIC LIBSSPWIN32=libsspwin32.a WIN32SRC = win32lib.c @@ -54,8 +43,6 @@ getopt.c \ md5.c \ Profiler.c \ - strsep.c \ - strtoll.c \ win32lib.c libmiscutil_a_SOURCES = \ MemPool.cc \ @@ -75,8 +62,6 @@ $(SNPRINTFSOURCE) \ Splay.cc \ strnstr.cc \ - $(STRSEPSOURCE) \ - $(STRTOLLSOURCE) \ stub_memaccount.c \ util.c \ uudecode.c \ diff -u -r -N squid-3.0.STABLE16/lib/Makefile.in squid-3.0.STABLE17/lib/Makefile.in --- squid-3.0.STABLE16/lib/Makefile.in 2009-06-15 19:31:24.000000000 +1200 +++ squid-3.0.STABLE17/lib/Makefile.in 2009-07-27 00:24:45.000000000 +1200 @@ -39,7 +39,8 @@ check_PROGRAMS = tests/testAll$(EXEEXT) subdir = lib DIST_COMMON = $(srcdir)/Makefile.am $(srcdir)/Makefile.in drand48.c \ - inet_ntoa.c initgroups.c strerror.c tempnam.c + inet_ntoa.c initgroups.c strerror.c strsep.c strtoll.c \ + tempnam.c ACLOCAL_M4 = $(top_srcdir)/aclocal.m4 am__aclocal_m4_deps = $(top_srcdir)/acinclude.m4 \ $(top_srcdir)/configure.in 
@@ -56,21 +57,18 @@ am__libmiscutil_a_SOURCES_DIST = MemPool.cc base64.c getfullhostname.c \ hash.c heap.c html_quote.c iso3307.c md5.c radix.c rfc1035.c \ rfc1123.c rfc1738.c rfc2617.c safe_inet_addr.c Splay.cc \ - strnstr.cc strsep.c strtoll.c stub_memaccount.c util.c \ - uudecode.c assert.c xusleep.c Profiler.c win32lib.c -@NEED_OWN_STRSEP_TRUE@am__objects_1 = strsep.$(OBJEXT) -@NEED_OWN_STRTOLL_TRUE@am__objects_2 = strtoll.$(OBJEXT) -@ENABLE_XPROF_STATS_TRUE@am__objects_3 = Profiler.$(OBJEXT) -@ENABLE_WIN32SPECIFIC_TRUE@am__objects_4 = win32lib.$(OBJEXT) + strnstr.cc stub_memaccount.c util.c uudecode.c assert.c \ + xusleep.c Profiler.c win32lib.c +@ENABLE_XPROF_STATS_TRUE@am__objects_1 = Profiler.$(OBJEXT) +@ENABLE_WIN32SPECIFIC_TRUE@am__objects_2 = win32lib.$(OBJEXT) am_libmiscutil_a_OBJECTS = MemPool.$(OBJEXT) base64.$(OBJEXT) \ getfullhostname.$(OBJEXT) hash.$(OBJEXT) heap.$(OBJEXT) \ html_quote.$(OBJEXT) iso3307.$(OBJEXT) md5.$(OBJEXT) \ radix.$(OBJEXT) rfc1035.$(OBJEXT) rfc1123.$(OBJEXT) \ rfc1738.$(OBJEXT) rfc2617.$(OBJEXT) safe_inet_addr.$(OBJEXT) \ - Splay.$(OBJEXT) strnstr.$(OBJEXT) $(am__objects_1) \ - $(am__objects_2) stub_memaccount.$(OBJEXT) util.$(OBJEXT) \ - uudecode.$(OBJEXT) assert.$(OBJEXT) xusleep.$(OBJEXT) \ - $(am__objects_3) $(am__objects_4) + Splay.$(OBJEXT) strnstr.$(OBJEXT) stub_memaccount.$(OBJEXT) \ + util.$(OBJEXT) uudecode.$(OBJEXT) assert.$(OBJEXT) \ + xusleep.$(OBJEXT) $(am__objects_1) $(am__objects_2) libmiscutil_a_OBJECTS = $(am_libmiscutil_a_OBJECTS) libntlmauth_a_AR = $(AR) $(ARFLAGS) libntlmauth_a_DEPENDENCIES = @LIBOBJS@ 
@@ -87,7 +85,7 @@ am__tests_testAll_SOURCES_DIST = tests/testArray.cc tests/testMain.cc \ tests/testArray.h Profiler.c win32lib.c util.c assert.c am_tests_testAll_OBJECTS = testArray.$(OBJEXT) testMain.$(OBJEXT) \ - $(am__objects_3) $(am__objects_4) util.$(OBJEXT) \ + $(am__objects_1) $(am__objects_2) util.$(OBJEXT) \ assert.$(OBJEXT) tests_testAll_OBJECTS = $(am_tests_testAll_OBJECTS) tests_testAll_DEPENDENCIES = @@ -314,10 +312,6 @@ AM_CXXFLAGS = @SQUID_CXXFLAGS@ @ENABLE_XPROF_STATS_FALSE@XPROF_STATS_SOURCE = @ENABLE_XPROF_STATS_TRUE@XPROF_STATS_SOURCE = Profiler.c -@NEED_OWN_STRSEP_FALSE@STRSEPSOURCE = -@NEED_OWN_STRSEP_TRUE@STRSEPSOURCE = strsep.c -@NEED_OWN_STRTOLL_FALSE@STRTOLLSOURCE = -@NEED_OWN_STRTOLL_TRUE@STRTOLLSOURCE = strtoll.c @ENABLE_WIN32SPECIFIC_FALSE@LIBSSPWIN32 = @ENABLE_WIN32SPECIFIC_TRUE@LIBSSPWIN32 = libsspwin32.a @ENABLE_WIN32SPECIFIC_FALSE@WIN32SRC = @@ -341,8 +335,6 @@ getopt.c \ md5.c \ Profiler.c \ - strsep.c \ - strtoll.c \ win32lib.c libmiscutil_a_SOURCES = \ @@ -363,8 +355,6 @@ $(SNPRINTFSOURCE) \ Splay.cc \ strnstr.cc \ - $(STRSEPSOURCE) \ - $(STRTOLLSOURCE) \ stub_memaccount.c \ util.c \ uudecode.c \ @@ -476,6 +466,8 @@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/inet_ntoa.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/initgroups.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strerror.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strsep.Po@am__quote@ +@AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/strtoll.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@$(DEPDIR)/tempnam.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/GNUregex.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/MemPool.Po@am__quote@ 
@@ -501,8 +493,6 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/safe_inet_addr.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sspwin32.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strnstr.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strsep.Po@am__quote@ -@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/strtoll.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/stub_memaccount.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/testArray.Po@am__quote@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/testMain.Po@am__quote@ diff -u -r -N squid-3.0.STABLE16/RELEASENOTES.html squid-3.0.STABLE17/RELEASENOTES.html --- squid-3.0.STABLE16/RELEASENOTES.html 2009-06-15 19:33:35.000000000 +1200 +++ squid-3.0.STABLE17/RELEASENOTES.html 2009-07-27 00:25:31.000000000 +1200 @@ -2,10 +2,10 @@ - Squid 3.0.STABLE16 release notes + Squid 3.0.STABLE17 release notes -

Squid 3.0.STABLE16 release notes

+

Squid 3.0.STABLE17 release notes

Squid Developers


@@ -15,7 +15,7 @@

1. Notice

-

The Squid Team are pleased to announce the release of Squid-3.0.STABLE16.

+

The Squid Team are pleased to announce the release of Squid-3.0.STABLE17.

This new release is available for download from http://www.squid-cache.org/Versions/v3/3.0/ or the mirrors.

diff -u -r -N squid-3.0.STABLE16/SPONSORS squid-3.0.STABLE17/SPONSORS --- squid-3.0.STABLE16/SPONSORS 2009-06-15 19:31:05.000000000 +1200 +++ squid-3.0.STABLE17/SPONSORS 2009-07-27 00:24:36.000000000 +1200 @@ -67,3 +67,9 @@ Barefruit has funded Squid3 development and maintenance, with a focus on the ICAP client support. + +Treehouse Networks, NZ - http://treenet.co.nz/ + + Treehouse Networks has contributed significant development resources + toward Squid-3 development and maintenance for their customer + gateways and CDN. diff -u -r -N squid-3.0.STABLE16/src/cache_cf.cc squid-3.0.STABLE17/src/cache_cf.cc --- squid-3.0.STABLE16/src/cache_cf.cc 2009-06-15 19:31:29.000000000 +1200 +++ squid-3.0.STABLE17/src/cache_cf.cc 2009-07-27 00:24:47.000000000 +1200 @@ -1598,6 +1598,22 @@ } /** + * utility function to prevent getservbyname() being called with a numeric value + * on Windows at least it returns garage results. + */ +static bool +isUnsignedNumeric(const char *str, size_t len) +{ + if (len < 1) return false; + + for (; len >0 && *str; str++, len--) { + if (! isdigit(*str)) + return false; + } + return true; +} + +/** \param proto 'tcp' or 'udp' for protocol \returns Port the named service is supposed to be listening on. */ @@ -1612,7 +1628,8 @@ return 0; /* NEVER REACHED */ } /** Returns either the service port number from /etc/services */ - port = getservbyname(token, proto); + if( !isUnsignedNumeric(token, strlen(token)) ) + port = getservbyname(token, proto); if (port != NULL) { return ntohs((u_short)port->s_port); } diff -u -r -N squid-3.0.STABLE16/src/client_side.cc squid-3.0.STABLE17/src/client_side.cc --- squid-3.0.STABLE16/src/client_side.cc 2009-06-15 19:31:30.000000000 +1200 +++ squid-3.0.STABLE17/src/client_side.cc 2009-07-27 00:24:47.000000000 +1200 
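Review bot: In isUnsignedNumeric() the call `isdigit(*str)` passes a plain `char`, which is undefined behaviour for bytes above 0x7F on platforms where `char` is signed, and the token presumably comes straight from the configuration file. Cast before the call: `if (!isdigit(static_cast<unsigned char>(*str)))`. The doc comment also says "garage results" where "garbage results" is meant.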
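Review bot: In the `@@ -1612,7 +1628,8 @@` hunk `port` is now assigned only for non-numeric tokens, yet `if (port != NULL)` is evaluated on every path. That is safe only if `port` is initialised to NULL at its declaration, which is outside this hunk; if it is not, a numeric token makes the test read an indeterminate pointer. Making the intent explicit at the call site removes the dependency: `port = isUnsignedNumeric(token, strlen(token)) ? NULL : getservbyname(token, proto);`.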
@@ -1855,6 +1855,17 @@ /* pre-set these values to make aborting simpler */ *method_p = METHOD_NONE; + /* NP: don't be tempted to move this down or remove again. + * It's the only DDoS protection old-String has against long URL */ + if ( hp->bufsiz <= 0) { + debugs(33, 5, "Incomplete request, waiting for end of request line"); + return NULL; + } + else if ( (size_t)hp->bufsiz >= Config.maxRequestHeaderSize && headersEnd(hp->buf, Config.maxRequestHeaderSize) == 0) { + debugs(33, 5, "parseHttpRequest: Too large request"); + return parseHttpRequestAbort(conn, "error:request-too-large"); + } + /* Attempt to parse the first line; this'll define the method, url, version and header begin */ r = HttpParserParseReqLine(hp); @@ -2141,7 +2152,7 @@ // when we read chunked requests, the entire body is buffered // XXX: this check ignores header size and its limits. if (conn->in.dechunkingState == ConnStateData::chunkParsing) - return conn->in.notYetUsed < Config.maxChunkedRequestBodySize; + return ((int64_t)conn->in.notYetUsed) < Config.maxChunkedRequestBodySize; return conn->in.notYetUsed >= Config.maxRequestHeaderSize ? 0 : 1; } diff -u -r -N squid-3.0.STABLE16/src/client_side_reply.cc squid-3.0.STABLE17/src/client_side_reply.cc --- squid-3.0.STABLE16/src/client_side_reply.cc 2009-06-15 19:31:30.000000000 +1200 +++ squid-3.0.STABLE17/src/client_side_reply.cc 2009-07-27 00:24:47.000000000 +1200 @@ -637,10 +637,9 @@ return; } - /* - * Deny loops when running in accelerator/transproxy mode. - */ - if (http->flags.accel && r->flags.loopdetect) { + /// Deny loops for accelerator and interceptor. TODO: deny in all modes? + if (r->flags.loopdetect && + (http->flags.accel || http->flags.transparent)) { http->al.http.code = HTTP_FORBIDDEN; err = clientBuildError(ERR_ACCESS_DENIED, HTTP_FORBIDDEN, NULL, 
@@ -1294,7 +1293,7 @@ LOCAL_ARRAY(char, bbuf, MAX_URL + 32); String strVia; hdr->getList(HDR_VIA, &strVia); - snprintf(bbuf, sizeof(bbuf), "%d.%d %s", + snprintf(bbuf, MAX_URL + 32, "%d.%d %s", reply->sline.version.major, reply->sline.version.minor, ThisCache); diff -u -r -N squid-3.0.STABLE16/src/ESI.cc squid-3.0.STABLE17/src/ESI.cc --- squid-3.0.STABLE16/src/ESI.cc 2009-06-15 19:31:27.000000000 +1200 +++ squid-3.0.STABLE17/src/ESI.cc 2009-07-27 00:24:46.000000000 +1200 @@ -1047,10 +1047,19 @@ assert (xstrncpy (pos, attr[i], sizeof(localbuf) + (pos - localbuf))); pos += strlen (pos); *pos++ = '='; - *pos++ = '\''; - assert (xstrncpy (pos, attr[i + 1], sizeof(localbuf) + (pos - localbuf))); + *pos++ = '\"'; + const char *chPtr = attr[i + 1]; + char ch; + while ((ch = *chPtr++) != '\0') { + if (ch == '\"') { + assert( xstrncpy(pos, """, sizeof(localbuf) + (pos-localbuf)) ); + pos += 6; + } else { + *(pos++) = ch; + } + } pos += strlen (pos); - *pos++ = '\''; + *pos++ = '\"'; } *pos++ = '>'; diff -u -r -N squid-3.0.STABLE16/src/fs/ufs/store_io_ufs.cc squid-3.0.STABLE17/src/fs/ufs/store_io_ufs.cc --- squid-3.0.STABLE16/src/fs/ufs/store_io_ufs.cc 2009-06-15 19:31:31.000000000 +1200 +++ squid-3.0.STABLE17/src/fs/ufs/store_io_ufs.cc 2009-07-27 00:24:47.000000000 +1200 @@ -363,17 +363,10 @@ } /* - * DPW 2007-04-12 - * I'm seeing disk files remain open under vanilla UFS storage - * because storeClose() gets called before the last write is - * complete. I guess we have to check for the try_closing - * flag here. + * HNO 2009-07-24 + * Kick any pending write/close operations alive */ - if (flags.try_closing) { - debugs(72, 2, HERE << "UFSStoreState::writeCompleted" << - " flags.try_closing is set"); - tryClosing(); - } + drainWriteQueue(); } void diff -u -r -N squid-3.0.STABLE16/src/helper.cc squid-3.0.STABLE17/src/helper.cc --- squid-3.0.STABLE16/src/helper.cc 2009-06-15 19:31:31.000000000 +1200 +++ squid-3.0.STABLE17/src/helper.cc 2009-07-27 00:24:47.000000000 +1200 
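Review bot: The buffer size `MAX_URL + 32` is now spelled out twice, once in `LOCAL_ARRAY(char, bbuf, MAX_URL + 32)` and once in the `snprintf` call, so a later change to one silently leaves the other wrong. A single named constant used in both places, for example `const size_t bbufSize = MAX_URL + 32;`, keeps the bound tied to the buffer. A one-line comment saying why `sizeof(bbuf)` was dropped (presumably LOCAL_ARRAY does not always declare a true array) would stop a later cleanup from reverting it.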
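Review bot: In the ESI.cc hunk the new copy loop writes attribute bytes with `*(pos++) = ch`, and advances by 6 for each quote, without checking against the end of `localbuf`, whereas the removed `xstrncpy` call at least took a size; a long attribute value, or one containing many quotes, can run past the buffer. Two related problems sit in the same lines: the size passed to `xstrncpy` is `sizeof(localbuf) + (pos-localbuf)`, which grows rather than shrinks as `pos` advances, and the retained `pos += strlen (pos)` now runs over bytes the loop never terminated. The replacement literal shows as `"""` on this page and is presumably the six-character `&quot;` entity, given `pos += 6`. The sketch below bounds every write and drops the `strlen`; how much tail room to reserve, and whether to truncate or reject, are decisions for the enclosing function, which is outside the hunk.

```cpp
*pos++ = '\"';
const char *chPtr = attr[i + 1];
// room that must remain for the closing quote, the final '>' and the terminator
const size_t tailRoom = 3;
char ch;
while ((ch = *chPtr++) != '\0') {
    const size_t used = pos - localbuf;
    const size_t need = (ch == '\"') ? 6 : 1;
    if (used + need + tailRoom > sizeof(localbuf))
        break; // truncate here, or fail the element instead
    if (ch == '\"') {
        memcpy(pos, "&quot;", 6);
        pos += 6;
    } else {
        *pos++ = ch;
    }
}
// the loop leaves pos at the end of the copied value, so no strlen() is needed
*pos++ = '\"';
```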
@@ -99,7 +99,7 @@ shortname = xstrdup(progname); /* dont ever start more than hlp->n_to_start processes. */ - int need_new = hlp->n_to_start - hlp->n_running; + int need_new = hlp->n_to_start - hlp->n_active; debugs(84, 1, "helperOpenServers: Starting " << need_new << "/" << hlp->n_to_start << " '" << shortname << "' processes"); @@ -203,7 +203,8 @@ shortname = xstrdup(progname); /* dont ever start more than hlp->n_to_start processes. */ - int need_new = hlp->n_to_start - hlp->n_running; + /* n_active are the helpers which have not been shut down. */ + int need_new = hlp->n_to_start - hlp->n_active; debugs(84, 1, "helperOpenServers: Starting " << need_new << "/" << hlp->n_to_start << " '" << shortname << "' processes"); @@ -538,8 +539,8 @@ storeAppendPrintf(sentry, "program: %s\n", hlp->cmdline->key); - storeAppendPrintf(sentry, "number running: %d of %d\n", - hlp->n_running, hlp->n_to_start); + storeAppendPrintf(sentry, "number active: %d of %d (%d shutting down)\n", + hlp->n_active, hlp->n_to_start, (hlp->n_running - hlp->n_active) ); storeAppendPrintf(sentry, "requests sent: %d\n", hlp->stats.requests); storeAppendPrintf(sentry, "replies received: %d\n", @@ -580,7 +581,7 @@ storeAppendPrintf(sentry, " B = BUSY\n"); storeAppendPrintf(sentry, " W = WRITING\n"); storeAppendPrintf(sentry, " C = CLOSING\n"); - storeAppendPrintf(sentry, " S = SHUTDOWN\n"); + storeAppendPrintf(sentry, " S = SHUTDOWN PENDING\n"); } void @@ -591,8 +592,8 @@ storeAppendPrintf(sentry, "program: %s\n", hlp->cmdline->key); - storeAppendPrintf(sentry, "number running: %d of %d\n", - hlp->n_running, hlp->n_to_start); + storeAppendPrintf(sentry, "number active: %d of %d (%d shutting down)\n", + hlp->n_active, hlp->n_to_start, (hlp->n_running - hlp->n_active) ); storeAppendPrintf(sentry, "requests sent: %d\n", hlp->stats.requests); storeAppendPrintf(sentry, "replies received: %d\n", 
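Review bot: `need_new` can come out zero or negative now that it is computed from `n_active`, for example when the active count already meets `n_to_start`, and the level-1 `debugs` line directly below would then announce `Starting -N/...` processes. The loop that consumes `need_new` is outside the hunk, so whether a negative value is harmless there cannot be confirmed from here; clamping it makes the intent explicit: `if (need_new < 0) need_new = 0;`. The same applies to the second copy of this code in the hunk at -203, and the explanatory comment `/* n_active are the helpers which have not been shut down. */` added there is missing from this first copy.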
@@ -637,7 +638,7 @@ storeAppendPrintf(sentry, " B = BUSY\n"); storeAppendPrintf(sentry, " C = CLOSING\n"); storeAppendPrintf(sentry, " R = RESERVED or DEFERRED\n"); - storeAppendPrintf(sentry, " S = SHUTDOWN\n"); + storeAppendPrintf(sentry, " S = SHUTDOWN PENDING\n"); storeAppendPrintf(sentry, " P = PLACEHOLDER\n"); } @@ -664,7 +665,6 @@ hlp->n_active--; assert(hlp->n_active >= 0); - srv->flags.shutdown = 1; /* request it to shut itself down */ if (srv->flags.closing) { diff -u -r -N squid-3.0.STABLE16/src/helper.h squid-3.0.STABLE17/src/helper.h --- squid-3.0.STABLE16/src/helper.h 2009-06-15 19:31:31.000000000 +1200 +++ squid-3.0.STABLE17/src/helper.h 2009-07-27 00:24:47.000000000 +1200 @@ -61,9 +61,9 @@ dlink_list servers; dlink_list queue; const char *id_name; - int n_to_start; - int n_running; - int n_active; + int n_to_start; ///< Configuration setting of how many helper children should be running + int n_running; ///< Total helper children objects currently existing + int n_active; ///< Count of helper children active (not shutting down) int ipc_type; unsigned int concurrency; time_t last_queue_warn; @@ -86,9 +86,9 @@ dlink_list servers; dlink_list queue; const char *id_name; - int n_to_start; - int n_running; - int n_active; + int n_to_start; ///< Configuration setting of how many helper children should be running + int n_running; ///< Total helper children objects currently existing + int n_active; ///< Count of helper children active (not shutting down) int ipc_type; MemAllocator *datapool; HLPSAVAIL *IsAvailable; diff -u -r -N squid-3.0.STABLE16/src/http.cc squid-3.0.STABLE17/src/http.cc --- squid-3.0.STABLE16/src/http.cc 2009-06-15 19:31:31.000000000 +1200 +++ squid-3.0.STABLE17/src/http.cc 2009-07-27 00:24:47.000000000 +1200 
@@ -85,7 +85,7 @@ surrogateNoStore = false; fd = fwd->server_fd; readBuf = new MemBuf; - readBuf->init(4096, SQUID_TCP_SO_RCVBUF); + readBuf->init(); orig_request = HTTPMSGLOCK(fwd->request); if (fwd->servers) diff -u -r -N squid-3.0.STABLE16/src/HttpMsg.cc squid-3.0.STABLE17/src/HttpMsg.cc --- squid-3.0.STABLE16/src/HttpMsg.cc 2009-06-15 19:31:28.000000000 +1200 +++ squid-3.0.STABLE17/src/HttpMsg.cc 2009-07-27 00:24:46.000000000 +1200 @@ -150,20 +150,24 @@ buf->terminate(); // does not affect content size // find the end of headers - // TODO: Remove? httpReplyParseStep() should do similar checks const size_t hdr_len = headersEnd(buf->content(), buf->contentSize()); + // sanity check the start line to see if this is in fact an HTTP message + if (!sanityCheckStartLine(buf, hdr_len, error)) { + debugs(58,1, HERE << "first line of HTTP message is invalid"); + // NP: sanityCheck sets *error + return false; + } + // TODO: move to httpReplyParseStep() if (hdr_len > Config.maxReplyHeaderSize || (hdr_len <= 0 && (size_t)buf->contentSize() > Config.maxReplyHeaderSize)) { - debugs(58, 1, "HttpMsg::parse: Too large reply header (" << - hdr_len << " > " << Config.maxReplyHeaderSize); + debugs(58, 1, "HttpMsg::parse: Too large reply header (" << hdr_len << " > " << Config.maxReplyHeaderSize); *error = HTTP_HEADER_TOO_LARGE; return false; } if (hdr_len <= 0) { - debugs(58, 3, "HttpMsg::parse: failed to find end of headers " << - "(eof: " << eof << ") in '" << buf->content() << "'"); + debugs(58, 3, "HttpMsg::parse: failed to find end of headers (eof: " << eof << ") in '" << buf->content() << "'"); if (eof) // iff we have seen the end, this is an error *error = HTTP_INVALID_HEADER; 
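Review bot: Dropping the explicit arguments from `readBuf->init(4096, SQUID_TCP_SO_RCVBUF)` makes the maximum size of the server-reply buffer depend on MemBuf's defaults, which are not visible on this page. Since this buffer is filled from an upstream server, the bound that now applies should be stated where the buffer is created, e.g. `// capacity comes from MemBuf defaults; reply header size is enforced by Config.maxReplyHeaderSize in HttpMsg::parse`. The constructor this line belongs to starts and ends outside the hunk.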
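Review bot: With `sanityCheckStartLine()` moved ahead of the size and end-of-headers checks in the HttpMsg.cc hunk, its `false` return now also covers the need-more-data case, yet the branch logs `first line of HTTP message is invalid` at level 1 every time. The HttpReply implementation in this patch returns false without touching `*error` while the buffer is still shorter than the prefix plus status, so a peer that delivers its start line slowly would presumably produce one level-1 line per parse attempt. I would use the level of the other incomplete-input message, `debugs(58, 3, HERE << "first line of HTTP message is invalid or incomplete");`, or log only when `*error` was set. The function body starts and ends outside the hunk.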
@@ -171,30 +175,22 @@ return false; } - if (!sanityCheckStartLine(buf, error)) { - debugs(58,1, HERE << "first line of HTTP message is invalid"); - *error = HTTP_INVALID_HEADER; - return false; - } - const int res = httpMsgParseStep(buf->content(), buf->contentSize(), eof); if (res < 0) { // error - debugs(58, 3, "HttpMsg::parse: cannot parse isolated headers " << - "in '" << buf->content() << "'"); + debugs(58, 3, "HttpMsg::parse: cannot parse isolated headers in '" << buf->content() << "'"); *error = HTTP_INVALID_HEADER; return false; } if (res == 0) { - debugs(58, 2, "HttpMsg::parse: strange, need more data near '" << - buf->content() << "'"); + debugs(58, 2, "HttpMsg::parse: strange, need more data near '" << buf->content() << "'"); + *error = HTTP_INVALID_HEADER; return false; // but this should not happen due to headersEnd() above } assert(res > 0); - debugs(58, 9, "HttpMsg::parse success (" << hdr_len << " bytes) " << - "near '" << buf->content() << "'"); + debugs(58, 9, "HttpMsg::parse success (" << hdr_len << " bytes) near '" << buf->content() << "'"); if (hdr_sz != (int)hdr_len) { debugs(58, 1, "internal HttpMsg::parse vs. headersEnd error: " << @@ -379,9 +375,8 @@ packerClean(&p); } -HttpMsg * - // use HTTPMSGLOCK() instead of calling this directly +HttpMsg * HttpMsg::_lock() { lock_count++; diff -u -r -N squid-3.0.STABLE16/src/HttpMsg.h squid-3.0.STABLE17/src/HttpMsg.h --- squid-3.0.STABLE16/src/HttpMsg.h 2009-06-15 19:31:28.000000000 +1200 +++ squid-3.0.STABLE17/src/HttpMsg.h 2009-07-27 00:24:46.000000000 +1200 
@@ -94,7 +94,14 @@ void firstLineBuf(MemBuf&); protected: - virtual bool sanityCheckStartLine(MemBuf *buf, http_status *error) = 0; + /** + * Validate the message start line is syntactically correct. + * Set HTTP error status according to problems found. + * + * \retval true Status line has no serious problems. + * \retval false Status line has a serious problem. Correct response is indicated by error. + */ + virtual bool sanityCheckStartLine(MemBuf *buf, const size_t hdr_len, http_status *error) = 0; virtual void packFirstLineInto(Packer * p, bool full_uri) const = 0; diff -u -r -N squid-3.0.STABLE16/src/HttpReply.cc squid-3.0.STABLE17/src/HttpReply.cc --- squid-3.0.STABLE16/src/HttpReply.cc 2009-06-15 19:31:28.000000000 +1200 +++ squid-3.0.STABLE17/src/HttpReply.cc 2009-07-27 00:24:46.000000000 +1200 
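Review bot: The new doc comment on `sanityCheckStartLine()` does not describe the `hdr_len` parameter or the third outcome that both implementations in this patch rely on: returning false with `*error` left untouched when more data is needed. I would add `\param hdr_len end-of-headers offset from headersEnd(), 0 if not yet found` and reword the second result line to `\retval false Start line is invalid (*error is set) or still incomplete (*error unchanged).` It also says "Status line" although the request class implements the same method, so "start line" would be the accurate term throughout.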
@@ -434,14 +434,52 @@ return content_length; } -bool HttpReply::sanityCheckStartLine(MemBuf *buf, http_status *error) +/** + * Checks the first line of an HTTP Reply is valid. + * currently only checks "HTTP/" exists. + * + * NP: not all error cases are detected yet. Some are left for detection later in parse. + */ +bool +HttpReply::sanityCheckStartLine(MemBuf *buf, const size_t hdr_len, http_status *error) { - if (buf->contentSize() >= protoPrefix.size() && protoPrefix.cmp(buf->content(), protoPrefix.size()) != 0) { + // content is long enough to possibly hold a reply + // 4 being magic size of a 3-digit number plus space delimiter + if ( buf->contentSize() < (protoPrefix.size() + 4) ) { + if (hdr_len > 0) + *error = HTTP_INVALID_HEADER; + return false; + } + + // catch missing or mismatched protocol identifier + if (protoPrefix.cmp(buf->content(), protoPrefix.size()) != 0) { debugs(58, 3, "HttpReply::sanityCheckStartLine: missing protocol prefix (" << protoPrefix.buf() << ") in '" << buf->content() << "'"); *error = HTTP_INVALID_HEADER; return false; } + // catch missing or negative status value (negative '-' is not a digit) + int pos = protoPrefix.size(); + + // skip arbitrary number of digits and a dot in the verion portion + while ( pos <= buf->contentSize() && (*(buf->content()+pos) == '.' || xisdigit(*(buf->content()+pos)) ) ) ++pos; + + // catch missing version info + if (pos == protoPrefix.size()) { + debugs(58, 3, "HttpReply::sanityCheckStartLine: missing protocol version numbers (ie. " << protoPrefix << "/1.0) in '" << buf->content() << "'"); + *error = HTTP_INVALID_HEADER; + return false; + } + + // skip arbitrary number of spaces... 
+ while (pos <= buf->contentSize() && (char)*(buf->content()+pos) == ' ') ++pos; + + if (!xisdigit(*(buf->content()+pos))) { + debugs(58, 3, "HttpReply::sanityCheckStartLine: missing or invalid status number in '" << buf->content() << "'"); + *error = HTTP_INVALID_HEADER; + return false; + } + return true; } diff -u -r -N squid-3.0.STABLE16/src/HttpReply.h squid-3.0.STABLE17/src/HttpReply.h --- squid-3.0.STABLE16/src/HttpReply.h 2009-06-15 19:31:28.000000000 +1200 +++ squid-3.0.STABLE17/src/HttpReply.h 2009-07-27 00:24:46.000000000 +1200 @@ -66,9 +66,9 @@ //virtual void unlock(); // only needed for debugging // returns true on success - // returns false and sets *error to zero when needs more data + // returns false and leaves *error unchanged when needs more data // returns false and sets *error to a positive http_status code on error - virtual bool sanityCheckStartLine(MemBuf *buf, http_status *error); + virtual bool sanityCheckStartLine(MemBuf *buf, const size_t hdr_len, http_status *error); /* public, readable; never update these or their .hdr equivalents directly */ time_t date; diff -u -r -N squid-3.0.STABLE16/src/HttpRequest.cc squid-3.0.STABLE17/src/HttpRequest.cc --- squid-3.0.STABLE16/src/HttpRequest.cc 2009-06-15 19:31:28.000000000 +1200 +++ squid-3.0.STABLE17/src/HttpRequest.cc 2009-07-27 00:24:46.000000000 +1200 
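Review bot: Both skip loops in the HttpReply.cc hunk test `pos <= buf->contentSize()` before dereferencing `buf->content()+pos`, so they read the byte one past the content, and the final `xisdigit(*(buf->content()+pos))` has no bounds test at all. That is only safe because the caller shown in the HttpMsg.cc hunk runs `buf->terminate()` first; any other caller, or an unterminated buffer, gets an out-of-bounds read on data a remote server controls. Use `pos < buf->contentSize()` in both loops and guard the last test: `if (pos >= buf->contentSize() || !xisdigit(*(buf->content()+pos))) {`. The comment typo `verion` can be fixed in the same pass.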
@@ -142,17 +142,29 @@ init(); } +/** + * Checks the first line of an HTTP request is valid + * currently just checks the request method is present. + * + * NP: Other errors are left for detection later in the parse. + */ bool -HttpRequest::sanityCheckStartLine(MemBuf *buf, http_status *error) +HttpRequest::sanityCheckStartLine(MemBuf *buf, const size_t hdr_len, http_status *error) { - /* - * Just see if the request buffer starts with a known - * HTTP request method. NOTE this whole function is somewhat - * superfluous and could just go away. - */ + // content is long enough to possibly hold a reply + // 2 being magic size of a 1-byte request method plus space delimiter + if ( buf->contentSize() < 2 ) { + // this is ony a real error if the headers apparently complete. + if (hdr_len > 0) { + *error = HTTP_INVALID_HEADER; + } + return false; + } + /* See if the request buffer starts with a known HTTP request method. */ if (METHOD_NONE == HttpRequestMethod(buf->content())) { debugs(73, 3, "HttpRequest::sanityCheckStartLine: did not find HTTP request method"); + *error = HTTP_INVALID_HEADER; return false; } diff -u -r -N squid-3.0.STABLE16/src/HttpRequest.h squid-3.0.STABLE17/src/HttpRequest.h --- squid-3.0.STABLE16/src/HttpRequest.h 2009-06-15 19:31:28.000000000 +1200 +++ squid-3.0.STABLE17/src/HttpRequest.h 2009-07-27 00:24:46.000000000 +1200 @@ -157,7 +157,7 @@ protected: virtual void packFirstLineInto(Packer * p, bool full_uri) const; - virtual bool sanityCheckStartLine(MemBuf *buf, http_status *error); + virtual bool sanityCheckStartLine(MemBuf *buf, const size_t hdr_len, http_status *error); virtual void hdrCacheInit(); diff -u -r -N squid-3.0.STABLE16/src/Makefile.am squid-3.0.STABLE17/src/Makefile.am --- squid-3.0.STABLE16/src/Makefile.am 2009-06-15 19:31:28.000000000 +1200 +++ squid-3.0.STABLE17/src/Makefile.am 2009-07-27 00:24:46.000000000 +1200 @@ -25,7 +25,7 @@ SNMP_SOURCE = endif -TESTS=$(check_PROGRAMS) +TESTS= check_PROGRAMS= SUBDIRS = fs repl auth 
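Review bot: The comment over the new length test was copied from the reply class and says the content is `long enough to possibly hold a reply`, while this is the request parser and the condition fires when the buffer is too short. I would write `// too short to hold even a 1-byte method plus the space delimiter` and fix `ony` to `only` in the comment below it. Like the reply version, this path returns false without setting `*error` when `hdr_len` is 0, which the comment in the HttpReply.h hunk describes as the need-more-data case; saying so here would save the next reader a lookup.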
@@ -1135,6 +1135,9 @@ tests/testURL \ @STORE_TESTS@ +## NP: required to run the above list. check_PROGRAMS only builds the binaries... +TESTS += $(check_PROGRAMS) + ### Template for new Unit Test Program ## - add tests/testX to check_PROGRAMS above. ## - copy template below and substitue X for class name diff -u -r -N squid-3.0.STABLE16/src/String.cc squid-3.0.STABLE17/src/String.cc --- squid-3.0.STABLE16/src/String.cc 2009-06-15 19:31:29.000000000 +1200 +++ squid-3.0.STABLE17/src/String.cc 2009-07-27 00:24:46.000000000 +1200 @@ -173,6 +173,7 @@ len_ += len; } else { String snew; + assert(len_ + len < 65536); // otherwise snew.len_ overflows below snew.len_ = len_ + len; snew.initBuf(snew.len_ + 1); diff -u -r -N squid-3.0.STABLE16/src/tests/stub_HttpReply.cc squid-3.0.STABLE17/src/tests/stub_HttpReply.cc --- squid-3.0.STABLE16/src/tests/stub_HttpReply.cc 2009-06-15 19:31:32.000000000 +1200 +++ squid-3.0.STABLE17/src/tests/stub_HttpReply.cc 2009-07-27 00:24:48.000000000 +1200 @@ -76,7 +76,7 @@ } bool -HttpReply::sanityCheckStartLine(MemBuf *buf, http_status *error) +HttpReply::sanityCheckStartLine(MemBuf *buf, const size_t hdr_len, http_status *error) { fatal ("Not implemented"); return false; diff -u -r -N squid-3.0.STABLE16/src/tests/stub_HttpRequest.cc squid-3.0.STABLE17/src/tests/stub_HttpRequest.cc --- squid-3.0.STABLE16/src/tests/stub_HttpRequest.cc 2009-06-15 19:31:32.000000000 +1200 +++ squid-3.0.STABLE17/src/tests/stub_HttpRequest.cc 2009-07-27 00:24:48.000000000 +1200 @@ -56,7 +56,7 @@ } bool -HttpRequest::sanityCheckStartLine(MemBuf *buf, http_status *error) +HttpRequest::sanityCheckStartLine(MemBuf *buf, const size_t hdr_len, http_status *error) { fatal("Not implemented"); return false; diff -u -r -N squid-3.0.STABLE16/src/wccp2.cc squid-3.0.STABLE17/src/wccp2.cc --- squid-3.0.STABLE16/src/wccp2.cc 2009-06-15 19:31:33.000000000 +1200 +++ squid-3.0.STABLE17/src/wccp2.cc 2009-07-27 00:24:48.000000000 +1200 
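Review bot: The `assert(len_ + len < 65536)` added in the String.cc hunk stops the length wrap-around by aborting the process, which for data that arrives from the network trades memory corruption for a crash that a sender of a long enough field can presumably trigger. The literal 65536 is not tied to the declared type of `len_`, which is not visible in this hunk; a named limit declared next to `len_`, used as `assert(len_ + len < String_MaxLen);` (name is a suggestion), would keep the two in step. The assert should be treated as a last line of defence, with callers that handle untrusted input enforcing their own size limit first, as the request-size check added to the request parser in this patch does. The function starts and ends outside the hunk.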
@@ -1183,7 +1183,9 @@ /* Go through the data structure */ while (data_length > offset) { - header = (struct wccp2_item_header_t *) &wccp2_i_see_you.data[offset]; + char *data = wccp2_i_see_you.data; + + header = (struct wccp2_item_header_t *) &data[offset]; switch (ntohs(header->type)) { @@ -1402,6 +1404,7 @@ for (num_caches = 0; num_caches < (int) ntohl(tmp); num_caches++) { /* Get a copy of the ip */ + memset(&cache_address, 0, sizeof(cache_address)); // Make GCC happy switch (Config.Wccp2.assignment_method) {
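Review bot: The loop condition `data_length > offset` in the first wccp2.cc hunk only guarantees one byte at `offset`, but the next statement casts that position to `struct wccp2_item_header_t *` and reads `header->type`; the new `char *data` alias, presumably added to quiet a compiler warning, also hides the array bound from the compiler. Unless code after the hunk validates it, a packet whose remaining length is shorter than an item header is read past the received data. A check before the cast would close that: `if (data_length - offset < sizeof(struct wccp2_item_header_t)) break;` (the types of `data_length` and `offset` are not visible here, so a cast may be needed). The rest of the loop is outside the hunk.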