diff -u -r -N squid-3.3.0.2/ChangeLog squid-3.3.0.3/ChangeLog
--- squid-3.3.0.2/ChangeLog 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/ChangeLog 2013-01-09 14:09:06.000000000 +1300
@@ -1,3 +1,12 @@
+Changes to squid-3.3.0.3 (09 Jan 2013):
+
+ - Bug 3729: 32-bit overflow in parsing 64-bit configuration values
+ - Bug 3728: Improve debug for cache_dir
+ - Additional fixes for CVE-2012-5643 / SQUID:2012-1
+ - kerberos_ldap_group: support multiple groups in squid.conf ACL definition
+ - kqueue: update status from experimental to fully available net I/O method
+ - ... and many memory leaks and potential bugs detected by Coverity Scan
+
Changes to squid-3.3.0.2 (03 Dec 2012):
- Support matching empty header field values using req_header and rep_header
@@ -23,6 +32,18 @@
- ... and many compile error fixes
- ... and a very large amount of code polish for faster compilation
+Changes to squid-3.2.6 (09 Jan 2013):
+
+ - Regression Bug 3731: TOS setsockopt() requires int value
+ - Regression Bug 3712: Rotating logs overwrites the previous log
+ - Bug 3727: LLVM compile errors in kerberos_ldap_group
+ - Bug 3650: Negotiate auth missing challenge token
+ - Additional fixes for CVE-2012-5643 / SQUID:2012-1
+
+Changes to squid-3.2.5 (10 Dec 2012):
+
+ - Bug 3698: Add missing include of errno.h
+
Changes to squid-3.2.4 (03 Dec 2012):
- Ported: urllogin ACL from squid 2.7
@@ -472,6 +493,10 @@
- ... and a great many testing improvements
- ... and many documentation updates
+Changes to squid-3.1.23 (09 Jan 2013):
+
+ - Additional fixes for CVE-2012-5643 / SQUID:2012-1
+
Changes to squid-3.1.22 (03 Dec 2012):
- Bug 3685: Squid hangs in Delay Pools ClassCBucket::update
diff -u -r -N squid-3.3.0.2/configure squid-3.3.0.3/configure
--- squid-3.3.0.2/configure 2012-12-02 21:31:05.000000000 +1300
+++ squid-3.3.0.3/configure 2013-01-09 14:10:25.000000000 +1300
@@ -1,9 +1,9 @@
#! /bin/sh
# From configure.ac Revision.
# Guess values for system-dependent variables and create Makefiles.
-# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.3.0.2.
+# Generated by GNU Autoconf 2.68 for Squid Web Proxy 3.3.0.3.
#
-# Report bugs to .
+# Report bugs to .
#
#
# Copyright (C) 1992, 1993, 1994, 1995, 1996, 1998, 1999, 2000, 2001,
@@ -248,7 +248,7 @@
$as_echo "$0: be upgraded to zsh 4.3.4 or later."
else
$as_echo "$0: Please tell bug-autoconf@gnu.org and
-$0: http://www.squid-cache.org/bugs/ about your system,
+$0: http://bugs.squid-cache.org/ about your system,
$0: including any error possibly output before this
$0: message. Then install a modern shell, or manually run
$0: the script under such a shell if you do have one."
@@ -575,9 +575,9 @@
# Identity of this package.
PACKAGE_NAME='Squid Web Proxy'
PACKAGE_TARNAME='squid'
-PACKAGE_VERSION='3.3.0.2'
-PACKAGE_STRING='Squid Web Proxy 3.3.0.2'
-PACKAGE_BUGREPORT='http://www.squid-cache.org/bugs/'
+PACKAGE_VERSION='3.3.0.3'
+PACKAGE_STRING='Squid Web Proxy 3.3.0.3'
+PACKAGE_BUGREPORT='http://bugs.squid-cache.org/'
PACKAGE_URL=''
ac_unique_file="src/main.cc"
@@ -1570,7 +1570,7 @@
# Omit some internal or obsolete options to make the list less imposing.
# This message is too long to be a string in the A/UX 3.1 sh.
cat <<_ACEOF
-\`configure' configures Squid Web Proxy 3.3.0.2 to adapt to many kinds of systems.
+\`configure' configures Squid Web Proxy 3.3.0.3 to adapt to many kinds of systems.
Usage: $0 [OPTION]... [VAR=VALUE]...
@@ -1640,7 +1640,7 @@
if test -n "$ac_init_help"; then
case $ac_init_help in
- short | recursive ) echo "Configuration of Squid Web Proxy 3.3.0.2:";;
+ short | recursive ) echo "Configuration of Squid Web Proxy 3.3.0.3:";;
esac
cat <<\_ACEOF
@@ -1730,7 +1730,7 @@
http://wiki.squid-cache.org/SquidFaq/CacheDigests
--disable-select Disable select(2) support.
--disable-poll Disable poll(2) support.
- --enable-kqueue Enable kqueue(2) support (experimental).
+ --disable-kqueue Disable kqueue(2) support.
--disable-epoll Disable Linux epoll(2) support.
--disable-devpoll Disable Solaris /dev/poll support.
--disable-http-violations
@@ -1951,7 +1951,7 @@
Use these variables to override the choices made by `configure' or to help
it to find libraries and programs with nonstandard names/locations.
-Report bugs to .
+Report bugs to .
_ACEOF
ac_status=$?
fi
@@ -2014,7 +2014,7 @@
test -n "$ac_init_help" && exit $ac_status
if $ac_init_version; then
cat <<\_ACEOF
-Squid Web Proxy configure 3.3.0.2
+Squid Web Proxy configure 3.3.0.3
generated by GNU Autoconf 2.68
Copyright (C) 2010 Free Software Foundation, Inc.
@@ -2211,9 +2211,9 @@
$as_echo "$as_me: WARNING: $2: section \"Present But Cannot Be Compiled\"" >&2;}
{ $as_echo "$as_me:${as_lineno-$LINENO}: WARNING: $2: proceeding with the compiler's result" >&5
$as_echo "$as_me: WARNING: $2: proceeding with the compiler's result" >&2;}
-( $as_echo "## ----------------------------------------------- ##
-## Report this to http://www.squid-cache.org/bugs/ ##
-## ----------------------------------------------- ##"
+( $as_echo "## ------------------------------------------- ##
+## Report this to http://bugs.squid-cache.org/ ##
+## ------------------------------------------- ##"
) | sed "s/^/$as_me: WARNING: /" >&2
;;
esac
@@ -3110,7 +3110,7 @@
This file contains any messages produced by compilers while
running configure, to aid debugging if configure makes a mistake.
-It was created by Squid Web Proxy $as_me 3.3.0.2, which was
+It was created by Squid Web Proxy $as_me 3.3.0.3, which was
generated by GNU Autoconf 2.68. Invocation command line was
$ $0 $@
@@ -3929,7 +3929,7 @@
# Define the identity of the package.
PACKAGE='squid'
- VERSION='3.3.0.2'
+ VERSION='3.3.0.3'
cat >>confdefs.h <<_ACEOF
@@ -21056,7 +21056,6 @@
{ $as_echo "$as_me:${as_lineno-$LINENO}: enabling poll syscall for net I/O: ${enable_poll:=auto}" >&5
$as_echo "$as_me: enabling poll syscall for net I/O: ${enable_poll:=auto}" >&6;}
-# kqueue support is still experiemntal and unstable. Not enabled by default.
# Check whether --enable-kqueue was given.
if test "${enable_kqueue+set}" = set; then :
enableval=$enable_kqueue;
@@ -21068,7 +21067,7 @@
fi
-if test "x${enable_kqueue:=no}" = "xyes" ; then
+if test "x${enable_kqueue:=auto}" != "xno" ; then
for ac_header in sys/event.h
do :
ac_fn_cxx_check_header_mongrel "$LINENO" "sys/event.h" "ac_cv_header_sys_event_h" "$ac_includes_default"
@@ -21078,15 +21077,40 @@
_ACEOF
else
- as_fn_error $? "kqueue support requires sys/event.h header file." "$LINENO" 5
+
+ if test "x${enable_kqueue}" = "xyes" ; then
+ as_fn_error $? "kqueue support requires sys/event.h header file." "$LINENO" 5
+ fi
+
fi
done
- squid_opt_io_loop_engine="kqueue"
+ for ac_func in kqueue
+do :
+ ac_fn_cxx_check_func "$LINENO" "kqueue" "ac_cv_func_kqueue"
+if test "x$ac_cv_func_kqueue" = xyes; then :
+ cat >>confdefs.h <<_ACEOF
+#define HAVE_KQUEUE 1
+_ACEOF
+
+else
+
+ if test "x${enable_kqueue}" = "xyes" ; then
+ as_fn_error $? "kqueue support missing in libc library." "$LINENO" 5
+ fi
+
+fi
+done
+
+ if test "x$ac_cv_func_kqueue" = "xyes" -a "x$ac_cv_header_sys_event_h" = "xyes" ; then
+ squid_opt_io_loop_engine="kqueue"
+ else
+ enable_kqueue="no"
+ fi
fi
-{ $as_echo "$as_me:${as_lineno-$LINENO}: enabling kqueue for net I/O: $enable_kqueue" >&5
-$as_echo "$as_me: enabling kqueue for net I/O: $enable_kqueue" >&6;}
+{ $as_echo "$as_me:${as_lineno-$LINENO}: enabling kqueue for net I/O: ${enable_kqueue:=auto}" >&5
+$as_echo "$as_me: enabling kqueue for net I/O: ${enable_kqueue:=auto}" >&6;}
# Check whether --enable-epoll was given.
if test "${enable_epoll+set}" = set; then :
@@ -28779,7 +28803,6 @@
glob \
htobe16 \
htole16 \
- kqueue\
lrand48 \
mallinfo \
mallocblksize \
@@ -29001,7 +29024,7 @@
$as_echo "$as_me: choosing user-specified net I/O API $squid_opt_io_loop_engine" >&6;}
elif test "x$enable_epoll" != "xno" -a "x$squid_cv_epoll_works" = "xyes" ; then
squid_opt_io_loop_engine="epoll"
-elif test "x$enable_kqueue" != "xno" -a "x$ac_cv_func_kqueue" = "xyes" ; then
+elif test "x$enable_kqueue" != "xno" ; then
squid_opt_io_loop_engine="kqueue"
elif test "x$enable_devpoll" != "xno" ; then
squid_opt_io_loop_engine="devpoll"
@@ -31296,7 +31319,7 @@
# report actual input values of CONFIG_FILES etc. instead of their
# values after options handling.
ac_log="
-This file was extended by Squid Web Proxy $as_me 3.3.0.2, which was
+This file was extended by Squid Web Proxy $as_me 3.3.0.3, which was
generated by GNU Autoconf 2.68. Invocation command line was
CONFIG_FILES = $CONFIG_FILES
@@ -31356,13 +31379,13 @@
Configuration commands:
$config_commands
-Report bugs to ."
+Report bugs to ."
_ACEOF
cat >>$CONFIG_STATUS <<_ACEOF || ac_write_fail=1
ac_cs_config="`$as_echo "$ac_configure_args" | sed 's/^ //; s/[\\""\`\$]/\\\\&/g'`"
ac_cs_version="\\
-Squid Web Proxy config.status 3.3.0.2
+Squid Web Proxy config.status 3.3.0.3
configured by $0, generated by GNU Autoconf 2.68,
with options \\"\$ac_cs_config\\"
diff -u -r -N squid-3.3.0.2/configure.ac squid-3.3.0.3/configure.ac
--- squid-3.3.0.2/configure.ac 2012-12-02 21:31:05.000000000 +1300
+++ squid-3.3.0.3/configure.ac 2013-01-09 14:10:25.000000000 +1300
@@ -1,4 +1,4 @@
-AC_INIT([Squid Web Proxy],[3.3.0.2],[http://www.squid-cache.org/bugs/],[squid])
+AC_INIT([Squid Web Proxy],[3.3.0.3],[http://bugs.squid-cache.org/],[squid])
AC_PREREQ(2.61)
AC_CONFIG_HEADERS([include/autoconf.h])
AC_CONFIG_AUX_DIR(cfgaux)
@@ -1313,18 +1313,29 @@
])
AC_MSG_NOTICE([enabling poll syscall for net I/O: ${enable_poll:=auto}])
-# kqueue support is still experiemntal and unstable. Not enabled by default.
AC_ARG_ENABLE(kqueue,
- AS_HELP_STRING([--enable-kqueue],
- [Enable kqueue(2) support (experimental).]), [
+ AS_HELP_STRING([--disable-kqueue],
+ [Disable kqueue(2) support.]), [
SQUID_YESNO($enableval,[--enable-kqueue takes no extra argument])
])
-if test "x${enable_kqueue:=no}" = "xyes" ; then
- AC_CHECK_HEADERS([sys/event.h],[],
- [ AC_MSG_ERROR([kqueue support requires sys/event.h header file.]) ])
- squid_opt_io_loop_engine="kqueue"
+if test "x${enable_kqueue:=auto}" != "xno" ; then
+ AC_CHECK_HEADERS([sys/event.h],[],[
+ if test "x${enable_kqueue}" = "xyes" ; then
+ AC_MSG_ERROR([kqueue support requires sys/event.h header file.])
+ fi
+ ])
+ AC_CHECK_FUNCS(kqueue,[],[
+ if test "x${enable_kqueue}" = "xyes" ; then
+ AC_MSG_ERROR([kqueue support missing in libc library.])
+ fi
+ ])
+ if test "x$ac_cv_func_kqueue" = "xyes" -a "x$ac_cv_header_sys_event_h" = "xyes" ; then
+ squid_opt_io_loop_engine="kqueue"
+ else
+ enable_kqueue="no"
+ fi
fi
-AC_MSG_NOTICE([enabling kqueue for net I/O: $enable_kqueue])
+AC_MSG_NOTICE([enabling kqueue for net I/O: ${enable_kqueue:=auto}])
dnl Enable epoll()
AC_ARG_ENABLE(epoll,
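Review bot: Under the new `auto` default the detection block assigns `squid_opt_io_loop_engine="kqueue"` as soon as `sys/event.h` and `kqueue()` are both found, and that is the variable the later selection chain reports as the "user-specified net I/O API" (the notice visible in the -3228 hunk; the chain's opening test is outside this diff). An auto-detected kqueue would then be logged as a user choice and presumably bypass the priority chain, while the simplified `elif test "x$enable_kqueue" != "xno"` branch no longer has a case of its own to handle. Consider keeping the `enable_kqueue="no"` fallback but assigning the engine here only on an explicit request, `if test "x$enable_kqueue" = "xyes" ; then squid_opt_io_loop_engine="kqueue" ; fi`, and leaving `auto` to the chain. The `SQUID_YESNO` message also still names `--enable-kqueue` although the help string now documents `--disable-kqueue`.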
@@ -3160,7 +3171,6 @@
glob \
htobe16 \
htole16 \
- kqueue\
lrand48 \
mallinfo \
mallocblksize \
@@ -3228,7 +3238,7 @@
AC_MSG_NOTICE([choosing user-specified net I/O API $squid_opt_io_loop_engine])
elif test "x$enable_epoll" != "xno" -a "x$squid_cv_epoll_works" = "xyes" ; then
squid_opt_io_loop_engine="epoll"
-elif test "x$enable_kqueue" != "xno" -a "x$ac_cv_func_kqueue" = "xyes" ; then
+elif test "x$enable_kqueue" != "xno" ; then
squid_opt_io_loop_engine="kqueue"
elif test "x$enable_devpoll" != "xno" ; then
squid_opt_io_loop_engine="devpoll"
diff -u -r -N squid-3.3.0.2/helpers/basic_auth/DB/basic_db_auth.8 squid-3.3.0.3/helpers/basic_auth/DB/basic_db_auth.8
--- squid-3.3.0.2/helpers/basic_auth/DB/basic_db_auth.8 2012-12-02 21:48:01.000000000 +1300
+++ squid-3.3.0.3/helpers/basic_auth/DB/basic_db_auth.8 2013-01-09 14:33:06.000000000 +1300
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "BASIC_DB_AUTH 1"
-.TH BASIC_DB_AUTH 1 "2012-12-02" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH BASIC_DB_AUTH 1 "2013-01-08" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc
--- squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/kerberos_ldap_group.cc 2013-01-09 14:09:06.000000000 +1300
@@ -32,6 +32,7 @@
#include "squid.h"
#include "helpers/defines.h"
#include "util.h"
+#include "rfc1738.h"
#ifdef HAVE_LDAP
@@ -226,7 +227,8 @@
main(int argc, char *const argv[])
{
char buf[6400];
- char *user, *domain;
+ char *user, *domain, *group;
+ char *up=NULL, *dp=NULL, *np=NULL;
char *nuser, *nuser8 = NULL, *netbios;
char *c;
int opt;
@@ -334,11 +336,17 @@
}
debug((char *) "%s| %s: INFO: Starting version %s\n", LogTime(), PROGRAM, KERBEROS_LDAP_GROUP_VERSION);
+ int gopt = 0;
if (create_gd(&margs)) {
- debug((char *) "%s| %s: FATAL: Error in group list: %s\n", LogTime(), PROGRAM, margs.glist ? margs.glist : "NULL");
- SEND_ERR("");
- clean_args(&margs);
- exit(1);
+ if ( margs.glist != NULL ) {
+ debug((char *) "%s| %s: FATAL: Error in group list: %s\n", LogTime(), PROGRAM, margs.glist ? margs.glist : "NULL");
+ SEND_ERR("");
+ clean_args(&margs);
+ exit(1);
+ } else {
+ debug((char *) "%s| %s: INFO: no group list given expect it from stdin\n", LogTime(), PROGRAM);
+ gopt = 1;
+ }
}
if (create_nd(&margs)) {
debug((char *) "%s| %s: FATAL: Error in netbios list: %s\n", LogTime(), PROGRAM, margs.nlist ? margs.nlist : "NULL");
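Review bot: The new `else` branch treats every create_gd() failure with `margs.glist == NULL` as "groups will arrive on stdin", but create_gd() in support_group.cc also builds its list from `margs->tlist` and `margs->ulist` through hex_utf_char(), which returns NULL on invalid hex. A malformed hex group list given without a plain group list would therefore no longer stop the helper at startup; it would silently switch to taking the group list from each request line. Entering stdin mode only when no list of any kind was configured keeps that error fatal, for example `if (margs.glist != NULL || margs.tlist != NULL || margs.ulist != NULL) {` for the FATAL branch. main() begins and ends outside this hunk.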
@@ -370,12 +378,18 @@
if (c) {
*c = '\0';
} else {
- SEND_ERR("");
+ SEND_ERR("Invalid input. CR missing");
debug((char *) "%s| %s: ERR\n", LogTime(), PROGRAM);
continue;
}
- user = buf;
+ user = strtok(buf, " \n");
+ if (!user) {
+ debug((char *) "%s| %s: INFO: No Username given\n", LogTime(), PROGRAM);
+ SEND_ERR("Invalid request. No Username");
+ continue;
+ }
+ rfc1738_unescape(user);
nuser = strchr(user, '\\');
if (!nuser)
nuser8 = strstr(user, "%5C");
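Review bot: `rfc1738_unescape(user)` now runs before the separator search, so the `strstr(user, "%5C")` fallback on the last lines of the hunk can only match input that was percent-encoded twice (`%255C`); a single `%5C` has already become `\` and is found by the `strchr()`. The helper then accepts two different encodings of the domain separator in a name that feeds an access-control decision, which makes the canonical form of the user name hard to reason about. Either drop the `%5C` fallback now that decoding happens first, or split on the separator first and decode the two parts afterwards, and add a comment such as `/* user is fully decoded from here on */` so later edits do not decode it again. The enclosing loop in main() continues outside the hunk.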
@@ -391,33 +405,62 @@
nuser = nuser8 + 3;
}
netbios = user;
+ up = xstrdup(rfc1738_escape(nuser));
+ np = xstrdup(rfc1738_escape(netbios));
if (debug_enabled)
- debug((char *) "%s| %s: INFO: Got User: %s Netbios Name: %s\n", LogTime(), PROGRAM, nuser, netbios);
+ debug((char *) "%s| %s: INFO: Got User: %s Netbios Name: %s\n", LogTime(), PROGRAM, up, np);
else
- log((char *) "%s| %s: INFO: Got User: %s Netbios Name: %s\n", LogTime(), PROGRAM, nuser, netbios);
+ log((char *) "%s| %s: INFO: Got User: %s Netbios Name: %s\n", LogTime(), PROGRAM, up, np);
domain = get_netbios_name(&margs, netbios);
user = nuser;
+ xfree(up);
+ xfree(np);
} else if (domain) {
strup(domain);
*domain = '\0';
++domain;
}
+ up = xstrdup(rfc1738_escape(user));
+ if (domain)
+ dp = xstrdup(rfc1738_escape(domain));
if (!domain && margs.ddomain) {
domain = xstrdup(margs.ddomain);
if (debug_enabled)
- debug((char *) "%s| %s: INFO: Got User: %s set default domain: %s\n", LogTime(), PROGRAM, user, domain);
+ debug((char *) "%s| %s: INFO: Got User: %s set default domain: %s\n", LogTime(), PROGRAM, up, dp);
else
- log((char *) "%s| %s: INFO: Got User: %s set default domain: %s\n", LogTime(), PROGRAM, user, domain);
+ log((char *) "%s| %s: INFO: Got User: %s set default domain: %s\n", LogTime(), PROGRAM, up, dp);
}
if (debug_enabled)
- debug((char *) "%s| %s: INFO: Got User: %s Domain: %s\n", LogTime(), PROGRAM, user, domain ? domain : "NULL");
+ debug((char *) "%s| %s: INFO: Got User: %s Domain: %s\n", LogTime(), PROGRAM, up, domain ? dp : "NULL");
else
- log((char *) "%s| %s: INFO: Got User: %s Domain: %s\n", LogTime(), PROGRAM, user, domain ? domain : "NULL");
+ log((char *) "%s| %s: INFO: Got User: %s Domain: %s\n", LogTime(), PROGRAM, up, domain ? dp : "NULL");
+ xfree(up);
+ xfree(dp);
if (!strcmp(user, "QQ") && domain && !strcmp(domain, "QQ")) {
clean_args(&margs);
exit(-1);
}
+ if (gopt) {
+ if ((group = strtok(NULL, " \n")) != NULL) {
+ debug((char *) "%s| %s: INFO: Read group list %s from stdin\n", LogTime(), PROGRAM, group);
+ rfc1738_unescape(group);
+ if (margs.groups) {
+ clean_gd(margs.groups);
+ margs.groups = NULL;
+ }
+ margs.glist = xstrdup(group);
+ if (create_gd(&margs)) {
+ SEND_ERR("Error in group list");
+ debug((char *) "%s| %s: FATAL: Error in group list: %s\n", LogTime(), PROGRAM, margs.glist ? margs.glist : "NULL");
+ continue;
+ }
+ } else {
+ SEND_ERR("No group list received on stdin");
+ debug((char *) "%s| %s: FATAL: No group list received on stdin\n", LogTime(), PROGRAM);
+ continue;
+ }
+ }
if (check_memberof(&margs, user, domain)) {
SEND_OK("");
debug((char *) "%s| %s: DEBUG: OK\n", LogTime(), PROGRAM);
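Review bot: `dp` is only assigned under `if (domain)`, yet it is printed in the default-domain branch and again via `domain ? dp : "NULL"` after `domain` has been replaced by `margs.ddomain`, and it is released with `xfree(dp)` without being reset. On the first request without a domain a NULL pointer is passed to `%s`. On a later request without a domain `dp` still holds the pointer freed in an earlier iteration, which is then read and freed a second time (this assumes xfree() does not clear its argument, as this diff's use of safe_free() elsewhere suggests). Setting `dp = xstrdup(rfc1738_escape(domain));` right after `domain = xstrdup(margs.ddomain);` and ending the block with `safe_free(up); safe_free(dp);` closes both paths. Separately, `margs.glist = xstrdup(group);` overwrites the previous request's list with no visible free, so stdin mode appears to leak one copy per request.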
diff -u -r -N squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/Makefile.am squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/Makefile.am
--- squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/Makefile.am 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/Makefile.am 2013-01-09 14:09:06.000000000 +1300
@@ -24,6 +24,7 @@
ext_kerberos_ldap_group_acl_LDFLAGS =
ext_kerberos_ldap_group_acl_LDADD = \
+ $(top_builddir)/lib/libmiscencoding.la \
$(COMPAT_LIB) \
$(LDAPLIB) \
$(LBERLIB) \
diff -u -r -N squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/Makefile.in squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/Makefile.in
--- squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/Makefile.in 2012-12-02 21:30:38.000000000 +1300
+++ squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/Makefile.in 2013-01-09 14:09:44.000000000 +1300
@@ -72,7 +72,8 @@
@ENABLE_XPROF_STATS_TRUE@am__DEPENDENCIES_1 = $(top_builddir)/lib/profiler/libprofiler.la
am__DEPENDENCIES_2 = $(am__DEPENDENCIES_1)
am__DEPENDENCIES_3 =
-ext_kerberos_ldap_group_acl_DEPENDENCIES = $(am__DEPENDENCIES_2) \
+ext_kerberos_ldap_group_acl_DEPENDENCIES = \
+ $(top_builddir)/lib/libmiscencoding.la $(am__DEPENDENCIES_2) \
$(am__DEPENDENCIES_3) $(am__DEPENDENCIES_3) \
$(am__DEPENDENCIES_3) $(am__DEPENDENCIES_3) \
$(am__DEPENDENCIES_3)
@@ -408,6 +409,7 @@
ext_kerberos_ldap_group_acl_LDFLAGS =
ext_kerberos_ldap_group_acl_LDADD = \
+ $(top_builddir)/lib/libmiscencoding.la \
$(COMPAT_LIB) \
$(LDAPLIB) \
$(LBERLIB) \
diff -u -r -N squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/support_group.cc squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/support_group.cc
--- squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/support_group.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/support_group.cc 2013-01-09 14:09:06.000000000 +1300
@@ -42,6 +42,18 @@
return gdsp;
}
+void
+free_gd(struct gdstruct *gdsp)
+{
+ while (gdsp) {
+ struct gdstruct *gdspn = gdsp->next;
+ xfree(gdsp->group);
+ xfree(gdsp->domain);
+ xfree(gdsp);
+ gdsp = gdspn;
+ }
+}
+
char *utf8dup(struct main_args *margs);
char *
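Review bot: free_gd() is added without a comment stating the ownership it relies on: it passes `gdsp->group` and `gdsp->domain` to xfree(), so both must be heap copies. That only holds because create_gd() is changed in this same diff to store `xstrdup(gp)` instead of a pointer into its parse buffer. A header comment such as `/* Release a whole gdstruct list; group and domain must be xstrdup()ed copies owned by the node. */` would record that. kerberos_ldap_group.cc already calls `clean_gd(margs.groups)`; if that function walks the list the same way, one of the two should call the other so there is a single release routine.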
@@ -101,35 +113,24 @@
char *
hex_utf_char(struct main_args *margs, int flag)
{
- char *up;
- char *upd;
- char *ul;
- int a, n, nl, ival, ichar;
+ int ival, ichar;
int iUTF2, iUTF3, iUTF4;
- if (flag) {
- up = margs->ulist;
- } else {
- up = margs->tlist;
- }
-
+ char *up = (flag ? margs->ulist : margs->tlist);
if (!up)
return NULL;
- upd = strrchr(up, '@');
- if (upd)
- a = upd - up;
- else
- a = strlen(up);
-
- ul = (char *) xmalloc(strlen(up));
- n = 0;
- nl = 0;
+ char *upd = strrchr(up, '@');
+ size_t a = (upd ? (upd - up) : strlen(up) );
+
+ char *ul = (char *) xmalloc(strlen(up)+1);
+ size_t n = 0;
+ int nl = 0;
iUTF2 = 0;
iUTF3 = 0;
iUTF4 = 0;
- while (n < (int) strlen(up)) {
+ while (n < strlen(up)) {
if (flag && n == a)
break;
if (up[n] == '@') {
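Review bot: `strlen(up)` is still evaluated on every pass of `while (n < strlen(up))`, in addition to the calls in the `xmalloc()` size and in the initialiser of `a`. Since `up` is not modified in the lines shown, a single `const size_t uplen = strlen(up);` used for the allocation (`uplen + 1`), for `a` and for the loop bound would make it obvious that the buffer size and the loop limit come from the same value. The loop body and the rest of hex_utf_char() lie outside this hunk.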
@@ -147,15 +148,13 @@
ichar = (ival - 48) * 16;
else {
debug((char *) "%s| %s: WARNING: Invalid Hex value %c\n", LogTime(), PROGRAM, ival);
- if (ul)
- xfree(ul);
+ xfree(ul);
return NULL;
}
if (n == a - 1) {
debug((char *) "%s| %s: WARNING: Invalid Hex UTF-8 string %s\n", LogTime(), PROGRAM, up);
- if (ul)
- xfree(ul);
+ xfree(ul);
return NULL;
}
++n;
@@ -168,8 +167,7 @@
ichar = ichar + ival - 48;
else {
debug((char *) "%s| %s: WARNING: Invalid Hex value %c\n", LogTime(), PROGRAM, ival);
- if (ul)
- xfree(ul);
+ xfree(ul);
return NULL;
}
@@ -189,8 +187,7 @@
ul[nl] = ichar;
ul[nl + 1] = '\0';
debug((char *) "%s| %s: WARNING: Invalid UTF-8 sequence for Unicode %s\n", LogTime(), PROGRAM, ul);
- if (ul)
- xfree(ul);
+ xfree(ul);
return NULL;
}
} else if (iUTF3) {
@@ -219,8 +216,7 @@
ul[nl] = ichar;
ul[nl + 1] = '\0';
debug((char *) "%s| %s: WARNING: Invalid UTF-8 sequence for Unicode %s\n", LogTime(), PROGRAM, ul);
- if (ul)
- xfree(ul);
+ xfree(ul);
return NULL;
}
} else if (iUTF4) {
@@ -248,8 +244,7 @@
ul[nl] = ichar;
ul[nl + 1] = '\0';
debug((char *) "%s| %s: WARNING: Invalid UTF-8 sequence for Unicode %s\n", LogTime(), PROGRAM, ul);
- if (ul)
- xfree(ul);
+ xfree(ul);
return NULL;
}
} else if (ichar < 0x80) {
@@ -275,8 +270,7 @@
ul[nl] = ichar;
ul[nl + 1] = '\0';
debug((char *) "%s| %s: WARNING: Invalid UTF-8 sequence for Unicode %s\n", LogTime(), PROGRAM, ul);
- if (ul)
- xfree(ul);
+ xfree(ul);
return NULL;
}
++n;
@@ -286,8 +280,7 @@
if (iUTF2 || iUTF3 || iUTF4) {
debug((char *) "%s| %s: INFO: iUTF2: %d iUTF3: %d iUTF4: %d\n", LogTime(), PROGRAM, iUTF2, iUTF3, iUTF4);
debug((char *) "%s| %s: WARNING: Invalid UTF-8 sequence for Unicode %s\n", LogTime(), PROGRAM, ul);
- if (ul)
- xfree(ul);
+ xfree(ul);
return NULL;
}
if (flag && upd)
@@ -299,7 +292,6 @@
create_gd(struct main_args *margs)
{
char *gp, *dp;
- char *hp1, *hp2, *up;
char *p;
struct gdstruct *gdsp = NULL, *gdspn = NULL;
/*
@@ -321,28 +313,43 @@
*
*
*/
- hp1 = hex_utf_char(margs, 0);
- hp2 = hex_utf_char(margs, 1);
- up = utf8dup(margs);
+ char *hp1 = hex_utf_char(margs, 0);
+ char *hp2 = hex_utf_char(margs, 1);
+ char *up = utf8dup(margs);
+
+ // NP: will point to the start of a temporary assembly buffer used by 'p' and 'gp'
+ // for catenation of the hp1, hp2, and up buffer contents from above.
+ // necessary for xfree() because both p and gp move over the assembly area
+ char *gpbuf = NULL;
+
+ // release the allocated UTF decoding buffers
+#define cleanup() { \
+ xfree(gpbuf); \
+ xfree(hp1); \
+ xfree(hp2); \
+ xfree(up); \
+ free_gd(gdsp); \
+ }
+
p = up;
if (hp1) {
if (hp2) {
if (up) {
- p = (char *) xmalloc(strlen(up) + strlen(hp1) + strlen(hp2) + 2);
+ gpbuf = p = (char *) xmalloc(strlen(up) + strlen(hp1) + strlen(hp2) + 2);
strcpy(p, up);
strcat(p, ":");
strcat(p, hp1);
strcat(p, ":");
strcat(p, hp2);
} else {
- p = (char *) xmalloc(strlen(hp1) + strlen(hp2) + 1);
+ gpbuf = p = (char *) xmalloc(strlen(hp1) + strlen(hp2) + 1);
strcpy(p, hp1);
strcat(p, ":");
strcat(p, hp2);
}
} else {
if (up) {
- p = (char *) xmalloc(strlen(up) + strlen(hp1) + 1);
+ gpbuf = p = (char *) xmalloc(strlen(up) + strlen(hp1) + 1);
strcpy(p, up);
strcat(p, ":");
strcat(p, hp1);
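Review bot: The `gpbuf = p = xmalloc(...)` lines keep allocation sizes that are one byte short of what the following strcpy()/strcat() sequence writes. The three-part case copies two `":"` separators plus the terminating NUL and so needs `strlen(up) + strlen(hp1) + strlen(hp2) + 3`, and each two-part case copies one separator plus the NUL and needs `+ 2`, not `+ 1`. As written the final strcat() stores its NUL one byte past the end of the heap block. This applies to all three allocations in this hunk and to the `strlen(up) + strlen(hp2) + 1` allocation in the next hunk (-352). Building the string with `snprintf(p, size, "%s:%s:%s", up, hp1, hp2)` against a single computed `size` would prevent the length and the copy from drifting apart again.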
@@ -352,7 +359,7 @@
} else {
if (hp2) {
if (up) {
- p = (char *) xmalloc(strlen(up) + strlen(hp2) + 1);
+ gpbuf = p = (char *) xmalloc(strlen(up) + strlen(hp2) + 1);
strcpy(p, up);
strcat(p, ":");
strcat(p, hp2);
@@ -367,6 +374,7 @@
if (!p) {
debug((char *) "%s| %s: ERROR: No groups defined.\n", LogTime(), PROGRAM);
+ cleanup();
return (1);
}
while (*p) { /* loop over group list */
@@ -377,18 +385,24 @@
if (*p == '@') { /* end of group name - start of domain name */
if (p == gp) { /* empty group name not allowed */
debug((char *) "%s| %s: ERROR: No group defined for domain %s\n", LogTime(), PROGRAM, p);
+ cleanup();
return (1);
}
+ if (dp) { /* end of domain name - twice */
+ debug((char *) "%s| %s: @ is not allowed in group name %s@%s\n",LogTime(), PROGRAM,gp,dp);
+ cleanup();
+ return(1);
+ }
*p = '\0';
++p;
gdsp = init_gd();
- gdsp->group = gp;
- if (gdspn) /* Have already an existing structure */
- gdsp->next = gdspn;
+ gdsp->group = xstrdup(gp);
+ gdsp->next = gdspn;
dp = p; /* after @ starts new domain name */
} else if (*p == ':') { /* end of group name or end of domain name */
if (p == gp) { /* empty group name not allowed */
debug((char *) "%s| %s: ERROR: No group defined for domain %s\n", LogTime(), PROGRAM, p);
+ cleanup();
return (1);
}
*p = '\0';
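Review bot: The message added for a second `@` is the only debug line in this parser without a severity tag, whereas the neighbouring rejections use `ERROR:`. Anyone filtering helper logs by level will miss a rejected group list. Suggest `"%s| %s: ERROR: @ is not allowed in group name %s@%s\n"`. The matching message added to create_ls() in support_lserver.cc (`@ is not allowed in server name`) has the same gap, and its neighbours there use `DEBUG:`. create_gd()'s loop continues outside this hunk.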
@@ -398,9 +412,8 @@
dp = NULL;
} else { /* end of group name and no domain name */
gdsp = init_gd();
- gdsp->group = gp;
- if (gdspn) /* Have already an existing structure */
- gdsp->next = gdspn;
+ gdsp->group = xstrdup(gp);
+ gdsp->next = gdspn;
}
gdspn = gdsp;
gp = p; /* after : starts new group name */
@@ -410,19 +423,22 @@
}
if (p == gp) { /* empty group name not allowed */
debug((char *) "%s| %s: ERROR: No group defined for domain %s\n", LogTime(), PROGRAM, p);
+ cleanup();
return (1);
}
if (dp) { /* end of domain name */
gdsp->domain = xstrdup(dp);
} else { /* end of group name and no domain name */
gdsp = init_gd();
- gdsp->group = gp;
+ gdsp->group = xstrdup(gp);
if (gdspn) /* Have already an existing structure */
gdsp->next = gdspn;
}
debug((char *) "%s| %s: INFO: Group %s Domain %s\n", LogTime(), PROGRAM, gdsp->group, gdsp->domain ? gdsp->domain : "NULL");
margs->groups = gdsp;
+ gdsp = NULL; // prevent the cleanup() deallocating it.
+ cleanup();
return (0);
}
#endif
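Review bot: The function-like macro `cleanup()` defined inside create_gd() is not undefined after the closing brace shown here, so it stays visible to anything that follows in the translation unit, and its bare `{ ... }` body is not wrapped in `do { } while (0)`. Add `#undef cleanup` directly after the function, or replace the macro with a small static helper that takes the four buffers and the list head. In the same hunk the final `else` branch still guards the link with `if (gdspn)` although the two earlier branches now assign `gdsp->next = gdspn;` unconditionally; making the three agree would avoid a reader looking for a reason behind the difference.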
diff -u -r -N squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/support_ldap.cc squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/support_ldap.cc
--- squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/support_ldap.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/support_ldap.cc 2013-01-09 14:09:06.000000000 +1300
@@ -109,9 +109,6 @@
void *params)
{
struct ldap_creds *cp = (struct ldap_creds *) params;
- url = url;
- request = request;
- msgid = msgid;
return tool_sasl_bind(ld, cp->dn, cp->pw);
}
#endif
@@ -127,9 +124,6 @@
void *params)
{
struct ldap_creds *cp = (struct ldap_creds *) params;
- url = url;
- request = request;
- msgid = msgid;
return ldap_bind_s(ld, cp->dn, cp->pw, LDAP_AUTH_SIMPLE);
}
@@ -192,9 +186,6 @@
void *params)
{
struct ldap_creds *cp = (struct ldap_creds *) params;
- url = url;
- request = request;
- msgid = msgid;
return tool_sasl_bind(ld, cp->dn, cp->pw);
}
#endif
@@ -211,9 +202,6 @@
{
struct ldap_creds *cp = (struct ldap_creds *) params;
- url = url;
- request = request;
- msgid = msgid;
return ldap_bind_s(ld, cp->dn, cp->pw, LDAP_AUTH_SIMPLE);
}
@@ -369,19 +357,18 @@
search_exp = (char *) xmalloc(strlen(filter) + strlen(ldap_filter_esc) + 1);
snprintf(search_exp, strlen(filter) + strlen(ldap_filter_esc) + 1, filter, ldap_filter_esc);
- if (ldap_filter_esc)
- xfree(ldap_filter_esc);
+ xfree(ldap_filter_esc);
if (depth > margs->mdepth) {
debug((char *) "%s| %s: DEBUG: Max search depth reached %d>%d\n", LogTime(), PROGRAM, depth, margs->mdepth);
+ xfree(search_exp);
return 0;
}
debug((char *) "%s| %s: DEBUG: Search ldap server with bind path %s and filter : %s\n", LogTime(), PROGRAM, bindp, search_exp);
rc = ldap_search_ext_s(ld, bindp, LDAP_SCOPE_SUBTREE,
search_exp, NULL, 0,
NULL, NULL, &searchtime, 0, &res);
- if (search_exp)
- xfree(search_exp);
+ xfree(search_exp);
if (rc != LDAP_SUCCESS) {
error((char *) "%s| %s: ERROR: Error searching ldap server: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
@@ -673,22 +660,16 @@
rc = ldap_url_parse(ldapuri, &url);
if (rc != LDAP_SUCCESS) {
error((char *) "%s| %s: ERROR: Error while parsing url: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
- if (ldapuri)
- xfree(ldapuri);
- if (url)
- xfree(url);
+ xfree(ldapuri);
+ xfree(url);
return NULL;
}
#else
#error "No URL parsing function"
#endif
- if (url) {
- xfree(url);
- url = NULL;
- }
+ safe_free(url);
rc = ldap_initialize(&ld, ldapuri);
- if (ldapuri)
- xfree(ldapuri);
+ xfree(ldapuri);
if (rc != LDAP_SUCCESS) {
error((char *) "%s| %s: ERROR: Error while initialising connection to ldap server: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
ldap_unbind(ld);
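Review bot: `url` is filled in by ldap_url_parse(), so it is presumably an `LDAPURLDesc *`, and the new `xfree(url)` / `safe_free(url)` calls release only the top-level structure through Squid's allocator; the strings the descriptor points to stay allocated. The matching release call in the LDAP API is `ldap_free_urldesc(url); url = NULL;`. On the failure path `url` may not have been set at all, so it should be initialised to NULL before the parse call if it is not already (the declaration is outside the hunk). The same pair of lines is repeated in the next hunk (-744) and needs the same change.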
@@ -744,22 +725,16 @@
rc = ldap_url_parse(ldapuri, &url);
if (rc != LDAP_SUCCESS) {
error((char *) "%s| %s: ERROR: Error while parsing url: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
- if (ldapuri)
- xfree(ldapuri);
- if (url)
- xfree(url);
+ xfree(ldapuri);
+ xfree(url);
return NULL;
}
#else
#error "No URL parsing function"
#endif
- if (url) {
- xfree(url);
- url = NULL;
- }
+ safe_free(url);
rc = ldap_initialize(&ld, ldapuri);
- if (ldapuri)
- xfree(ldapuri);
+ xfree(ldapuri);
if (rc != LDAP_SUCCESS) {
error((char *) "%s| %s: ERROR: Error while initialising connection to ldap server: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
ldap_unbind(ld);
@@ -897,7 +872,7 @@
continue;
}
lcreds = (ldap_creds *) xmalloc(sizeof(struct ldap_creds));
- lcreds->dn = bindp ? xstrdup(bindp) : NULL;
+ lcreds->dn = NULL;
lcreds->pw = margs->ssl ? xstrdup(margs->ssl) : NULL;
ldap_set_rebind_proc(ld, ldap_sasl_rebind, (char *) lcreds);
if (ld != NULL) {
@@ -938,9 +913,7 @@
port = atoi(p);
}
nhosts = get_hostname_list(margs, &hlist, 0, host);
- if (host)
- xfree(host);
- host = NULL;
+ safe_free(host);
for (i = 0; i < nhosts; ++i) {
ld = tool_ldap_open(margs, hlist[i].host, port, ssl);
@@ -967,8 +940,7 @@
}
nhosts = free_hostname_list(&hlist, nhosts);
- if (bindp)
- xfree(bindp);
+ xfree(bindp);
if (margs->lbind) {
bindp = xstrdup(margs->lbind);
} else {
@@ -1005,15 +977,13 @@
search_exp = (char *) xmalloc(strlen(filter) + strlen(ldap_filter_esc) + 1);
snprintf(search_exp, strlen(filter) + strlen(ldap_filter_esc) + 1, filter, ldap_filter_esc);
- if (ldap_filter_esc)
- xfree(ldap_filter_esc);
+ xfree(ldap_filter_esc);
debug((char *) "%s| %s: DEBUG: Search ldap server with bind path %s and filter : %s\n", LogTime(), PROGRAM, bindp, search_exp);
rc = ldap_search_ext_s(ld, bindp, LDAP_SCOPE_SUBTREE,
search_exp, NULL, 0,
NULL, NULL, &searchtime, 0, &res);
- if (search_exp)
- xfree(search_exp);
+ xfree(search_exp);
if (rc != LDAP_SUCCESS) {
error((char *) "%s| %s: ERROR: Error searching ldap server: %s\n", LogTime(), PROGRAM, ldap_err2string(rc));
@@ -1121,15 +1091,13 @@
search_exp = (char *) xmalloc(strlen(filter) + strlen(ldap_filter_esc) + 1);
snprintf(search_exp, strlen(filter) + strlen(ldap_filter_esc) + 1, filter, ldap_filter_esc);
- if (ldap_filter_esc)
- xfree(ldap_filter_esc);
+ xfree(ldap_filter_esc);
debug((char *) "%s| %s: DEBUG: Search ldap server with bind path %s and filter: %s\n", LogTime(), PROGRAM, bindp, search_exp);
rc = ldap_search_ext_s(ld, bindp, LDAP_SCOPE_SUBTREE,
search_exp, NULL, 0,
NULL, NULL, &searchtime, 0, &res);
- if (search_exp)
- xfree(search_exp);
+ xfree(search_exp);
debug((char *) "%s| %s: DEBUG: Found %d ldap entr%s\n", LogTime(), PROGRAM, ldap_count_entries(ld, res), ldap_count_entries(ld, res) > 1 || ldap_count_entries(ld, res) == 0 ? "ies" : "y");
@@ -1147,15 +1115,13 @@
search_exp = (char *) xmalloc(strlen(filter) + strlen(ldap_filter_esc) + 1);
snprintf(search_exp, strlen(filter) + strlen(ldap_filter_esc) + 1, filter, ldap_filter_esc);
- if (ldap_filter_esc)
- xfree(ldap_filter_esc);
+ xfree(ldap_filter_esc);
debug((char *) "%s| %s: DEBUG: Search ldap server with bind path %s and filter: %s\n", LogTime(), PROGRAM, bindp, search_exp);
rc = ldap_search_ext_s(ld, bindp, LDAP_SCOPE_SUBTREE,
search_exp, NULL, 0,
NULL, NULL, &searchtime, 0, &res);
- if (search_exp)
- xfree(search_exp);
+ xfree(search_exp);
max_attr_2 = get_attributes(margs, ld, res, ATTRIBUTE, &attr_value_2);
/*
@@ -1187,8 +1153,10 @@
debug((char *) "%s| %s: DEBUG: Users primary group %s %s\n", LogTime(), PROGRAM, retval ? "matches" : "does not match", group);
- } else
+ } else {
+ ldap_msgfree(res);
debug((char *) "%s| %s: DEBUG: Did not find ldap entry for group %s\n", LogTime(), PROGRAM, group);
+ }
/*
* Cleanup
*/
@@ -1212,16 +1180,11 @@
krb5_cleanup();
#endif
if (lcreds) {
- if (lcreds->dn)
- xfree(lcreds->dn);
- if (lcreds->pw)
- xfree(lcreds->pw);
+ xfree(lcreds->dn);
+ xfree(lcreds->pw);
xfree(lcreds);
}
- if (bindp)
- xfree(bindp);
- bindp = NULL;
+ xfree(bindp);
return (retval);
-
}
#endif
diff -u -r -N squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/support_lserver.cc squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/support_lserver.cc
--- squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/support_lserver.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/support_lserver.cc 2013-01-09 14:09:06.000000000 +1300
@@ -40,6 +40,18 @@
return lssp;
}
+void
+free_ls(struct lsstruct *lssp)
+{
+ while (lssp) {
+ struct lsstruct *lsspn = lssp->next;
+ xfree(lssp->lserver);
+ xfree(lssp->domain);
+ xfree(lssp);
+ lssp = lsspn;
+ }
+}
+
int
create_ls(struct main_args *margs)
{
@@ -73,18 +85,24 @@
if (*p == '@') { /* end of group name - start of domain name */
if (p == np) { /* empty group name not allowed */
debug((char *) "%s| %s: DEBUG: No ldap servers defined for domain %s\n", LogTime(), PROGRAM, p);
+ free_ls(lssp);
return (1);
}
+ if (dp) { /* end of domain name - twice */
+ debug((char *) "%s| %s: @ is not allowed in server name %s@%s\n",LogTime(), PROGRAM,np,dp);
+ free_ls(lssp);
+ return(1);
+ }
*p = '\0';
++p;
lssp = init_ls();
lssp->lserver = xstrdup(np);
- if (lsspn) /* Have already an existing structure */
- lssp->next = lsspn;
+ lssp->next = lsspn;
dp = p; /* after @ starts new domain name */
} else if (*p == ':') { /* end of group name or end of domain name */
if (p == np) { /* empty group name not allowed */
debug((char *) "%s| %s: DEBUG: No ldap servers defined for domain %s\n", LogTime(), PROGRAM, p);
+ free_ls(lssp);
return (1);
}
*p = '\0';
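Review bot: The new "@ twice" message drops the `DEBUG:` tag that every other debug() line in this function carries, and its `return(1);` and unspaced argument list differ from the surrounding `return (1);` style. Suggested line: `debug((char *) "%s| %s: DEBUG: @ is not allowed in server name %s@%s\n", LogTime(), PROGRAM, np, dp);`. The netbios copy of this check in support_netbios.cc (`@@ -74,18 +86,24 @@`) has the same two differences. create_ls starts and ends outside this hunk.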
@@ -95,8 +113,7 @@
} else { /* end of group name and no domain name */
lssp = init_ls();
lssp->lserver = xstrdup(np);
- if (lsspn) /* Have already an existing structure */
- lssp->next = lsspn;
+ lssp->next = lsspn;
}
lsspn = lssp;
np = p; /* after : starts new group name */
@@ -106,6 +123,7 @@
}
if (p == np) { /* empty group name not allowed */
debug((char *) "%s| %s: DEBUG: No ldap servers defined for domain %s\n", LogTime(), PROGRAM, p);
+ free_ls(lssp);
return (1);
}
if (dp) { /* end of domain name */
diff -u -r -N squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/support_netbios.cc squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/support_netbios.cc
--- squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/support_netbios.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/support_netbios.cc 2013-01-09 14:09:06.000000000 +1300
@@ -41,6 +41,18 @@
return ndsp;
}
+void
+free_nd(struct ndstruct *ndsp)
+{
+ while (ndsp) {
+ struct ndstruct *ndspn = ndsp->next;
+ xfree(ndsp->netbios);
+ xfree(ndsp->domain);
+ xfree(ndsp);
+ ndsp = ndspn;
+ }
+}
+
int
create_nd(struct main_args *margs)
{
@@ -74,18 +86,24 @@
if (*p == '@') { /* end of group name - start of domain name */
if (p == np) { /* empty group name not allowed */
debug((char *) "%s| %s: DEBUG: No netbios name defined for domain %s\n", LogTime(), PROGRAM, p);
+ free_nd(ndsp);
return (1);
}
+ if (dp) { /* end of domain name - twice */
+ debug((char *) "%s| %s: @ is not allowed in netbios name %s@%s\n",LogTime(), PROGRAM,np,dp);
+ free_nd(ndsp);
+ return(1);
+ }
*p = '\0';
++p;
ndsp = init_nd();
ndsp->netbios = xstrdup(np);
- if (ndspn) /* Have already an existing structure */
- ndsp->next = ndspn;
+ ndsp->next = ndspn;
dp = p; /* after @ starts new domain name */
} else if (*p == ':') { /* end of group name or end of domain name */
if (p == np) { /* empty group name not allowed */
debug((char *) "%s| %s: DEBUG: No netbios name defined for domain %s\n", LogTime(), PROGRAM, p);
+ free_nd(ndsp);
return (1);
}
*p = '\0';
@@ -96,13 +114,13 @@
} else { /* end of group name and no domain name */
ndsp = init_nd();
ndsp->netbios = xstrdup(np);
- if (ndspn) /* Have already an existing structure */
- ndsp->next = ndspn;
+ ndsp->next = ndspn;
}
ndspn = ndsp;
np = p; /* after : starts new group name */
if (!ndsp->domain || !strcmp(ndsp->domain, "")) {
debug((char *) "%s| %s: DEBUG: No domain defined for netbios name %s\n", LogTime(), PROGRAM, ndsp->netbios);
+ free_nd(ndsp);
return (1);
}
debug((char *) "%s| %s: DEBUG: Netbios name %s Domain %s\n", LogTime(), PROGRAM, ndsp->netbios, ndsp->domain);
@@ -111,6 +129,7 @@
}
if (p == np) { /* empty group name not allowed */
debug((char *) "%s| %s: DEBUG: No netbios name defined for domain %s\n", LogTime(), PROGRAM, p);
+ free_nd(ndsp);
return (1);
}
if (dp) { /* end of domain name */
@@ -118,11 +137,11 @@
} else { /* end of group name and no domain name */
ndsp = init_nd();
ndsp->netbios = xstrdup(np);
- if (ndspn) /* Have already an existing structure */
- ndsp->next = ndspn;
+ ndsp->next = ndspn;
}
if (!ndsp->domain || !strcmp(ndsp->domain, "")) {
debug((char *) "%s| %s: DEBUG: No domain defined for netbios name %s\n", LogTime(), PROGRAM, ndsp->netbios);
+ free_nd(ndsp);
return (1);
}
debug((char *) "%s| %s: DEBUG: Netbios name %s Domain %s\n", LogTime(), PROGRAM, ndsp->netbios, ndsp->domain);
diff -u -r -N squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/support_resolv.cc squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/support_resolv.cc
--- squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/support_resolv.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/support_resolv.cc 2013-01-09 14:09:06.000000000 +1300
@@ -297,10 +297,10 @@
if ((len = res_search(service, ns_c_in, ns_t_srv, (u_char *) buffer, PACKETSZ_MULT * NS_PACKETSZ)) < 0) {
error((char *) "%s| %s: ERROR: Error while resolving service record %s with res_search\n", LogTime(), PROGRAM, service);
nsError(h_errno, service);
- goto cleanup;
+ goto finalise;
}
} else {
- goto cleanup;
+ goto finalise;
}
}
if (len > PACKETSZ_MULT * NS_PACKETSZ) {
@@ -309,70 +309,70 @@
if ((len = res_search(service, ns_c_in, ns_t_srv, (u_char *) buffer, len)) < 0) {
error((char *) "%s| %s: ERROR: Error while resolving service record %s with res_search\n", LogTime(), PROGRAM, service);
nsError(h_errno, service);
- goto cleanup;
+ goto finalise;
}
if (len > olen) {
error((char *) "%s| %s: ERROR: Reply to big: buffer: %d reply length: %d\n", LogTime(), PROGRAM, olen, len);
- goto cleanup;
+ goto finalise;
}
}
p = buffer;
p += 6 * NS_INT16SZ; /* Header(6*16bit) = id + flags + 4*section count */
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < header size\n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
if ((size = dn_expand(buffer, buffer + len, p, name, sysconf(_SC_HOST_NAME_MAX))) < 0) {
error((char *) "%s| %s: ERROR: Error while expanding query name with dn_expand: %s\n", LogTime(), PROGRAM, strerror(errno));
- goto cleanup;
+ goto finalise;
}
p += size; /* Query name */
p += 2 * NS_INT16SZ; /* Query type + class (2*16bit) */
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < header + query name,type,class \n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
while (p < buffer + len) {
if ((size = dn_expand(buffer, buffer + len, p, name, sysconf(_SC_HOST_NAME_MAX))) < 0) {
error((char *) "%s| %s: ERROR: Error while expanding answer name with dn_expand: %s\n", LogTime(), PROGRAM, strerror(errno));
- goto cleanup;
+ goto finalise;
}
p += size; /* Resource Record name */
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < header + query name,type,class + answer name\n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
NS_GET16(type, p); /* RR type (16bit) */
p += NS_INT16SZ + NS_INT32SZ; /* RR class + ttl (16bit+32bit) */
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < header + query name,type,class + answer name + RR type,class,ttl\n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
NS_GET16(rdlength, p); /* RR data length (16bit) */
if (type == ns_t_srv) { /* SRV record */
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < header + query name,type,class + answer name + RR type,class,ttl + RR data length\n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
NS_GET16(priority, p); /* Priority (16bit) */
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < SRV RR + priority\n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
NS_GET16(weight, p); /* Weight (16bit) */
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < SRV RR + priority + weight\n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
NS_GET16(port, p); /* Port (16bit) */
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < SRV RR + priority + weight + port\n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
if ((size = dn_expand(buffer, buffer + len, p, host, NS_MAXDNAME)) < 0) {
error((char *) "%s| %s: ERROR: Error while expanding SRV RR name with dn_expand: %s\n", LogTime(), PROGRAM, strerror(errno));
- goto cleanup;
+ goto finalise;
}
debug((char *) "%s| %s: DEBUG: Resolved SRV %s record to %s\n", LogTime(), PROGRAM, service, host);
hp = (struct hstruct *) xrealloc(hp, sizeof(struct hstruct) * (nh + 1));
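Review bot: Several reads in this DNS reply parser run before the bounds check meant to guard them. `NS_GET16(type, p)` follows a check that only rejects `p > buffer + len`, so with `p == buffer + len` (or one byte short of it) the macro reads beyond the reply length. The same ordering applies to `rdlength`, `priority`, `weight` and `port`. Testing the space needed before each read, e.g. `if (p + NS_INT16SZ > buffer + len) goto finalise;`, would close this. The buffer allocation and the start of the function are outside the hunk, so whether the over-read stays inside the allocation cannot be confirmed here.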
@@ -387,7 +387,7 @@
}
if (p > buffer + len) {
error((char *) "%s| %s: ERROR: Message to small: %d < SRV RR + priority + weight + port + name\n", LogTime(), PROGRAM, len);
- goto cleanup;
+ goto finalise;
}
}
if (p != buffer + len) {
@@ -396,10 +396,10 @@
#else
error((char *) "%s| %s: ERROR: Inconsistence message length: %d!=0\n", LogTime(), PROGRAM, buffer + len - p);
#endif
- goto cleanup;
+ goto finalise;
}
-cleanup:
+finalise:
nhosts = get_hostname_list(margs, &hp, nh, domain);
debug("%s| %s: DEBUG: Adding %s to list\n", LogTime(), PROGRAM, domain);
@@ -411,6 +411,7 @@
hp[nhosts].weight = -2;
++nhosts;
+cleanup:
/* Remove duplicates */
for (i = 0; i < nhosts; ++i) {
for (j = i + 1; j < nhosts; ++j) {
diff -u -r -N squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/support_sasl.cc squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/support_sasl.cc
--- squid-3.3.0.2/helpers/external_acl/kerberos_ldap_group/support_sasl.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/helpers/external_acl/kerberos_ldap_group/support_sasl.cc 2013-01-09 14:09:06.000000000 +1300
@@ -134,7 +134,6 @@
{
const char *dflt = interact->defresult;
- flags = flags;
switch (interact->id) {
case SASL_CB_GETREALM:
if (defaults)
@@ -231,11 +230,7 @@
char *sasl_realm = NULL;
char *sasl_authc_id = NULL;
char *sasl_authz_id = NULL;
-#ifdef HAVE_SUN_LDAP_SDK
char *sasl_mech = (char *) "GSSAPI";
-#else
- char *sasl_mech = NULL;
-#endif
/*
* Force encryption
*/
diff -u -r -N squid-3.3.0.2/helpers/external_acl/SQL_session/ext_sql_session_acl.8 squid-3.3.0.3/helpers/external_acl/SQL_session/ext_sql_session_acl.8
--- squid-3.3.0.2/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2012-12-02 21:48:04.000000000 +1300
+++ squid-3.3.0.3/helpers/external_acl/SQL_session/ext_sql_session_acl.8 2013-01-09 14:33:08.000000000 +1300
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_SQL_SESSION_ACL 1"
-.TH EXT_SQL_SESSION_ACL 1 "2012-12-02" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH EXT_SQL_SESSION_ACL 1 "2013-01-08" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.3.0.2/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 squid-3.3.0.3/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8
--- squid-3.3.0.2/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2012-12-02 21:48:04.000000000 +1300
+++ squid-3.3.0.3/helpers/external_acl/wbinfo_group/ext_wbinfo_group_acl.8 2013-01-09 14:33:08.000000000 +1300
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "EXT_WBINFO_GROUP_ACL.PL.IN 1"
-.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2012-12-02" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH EXT_WBINFO_GROUP_ACL.PL.IN 1 "2013-01-08" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.3.0.2/helpers/log_daemon/DB/log_db_daemon.8 squid-3.3.0.3/helpers/log_daemon/DB/log_db_daemon.8
--- squid-3.3.0.2/helpers/log_daemon/DB/log_db_daemon.8 2012-12-02 21:48:05.000000000 +1300
+++ squid-3.3.0.3/helpers/log_daemon/DB/log_db_daemon.8 2013-01-09 14:33:09.000000000 +1300
@@ -124,7 +124,7 @@
.\" ========================================================================
.\"
.IX Title "LOG_DB_DAEMON 1"
-.TH LOG_DB_DAEMON 1 "2012-12-02" "perl v5.10.1" "User Contributed Perl Documentation"
+.TH LOG_DB_DAEMON 1 "2013-01-08" "perl v5.10.1" "User Contributed Perl Documentation"
.\" For nroff, turn off justification. Always turn off hyphenation; it makes
.\" way too many mistakes in technical documents.
.if n .ad l
diff -u -r -N squid-3.3.0.2/helpers/log_daemon/file/log_file_daemon.cc squid-3.3.0.3/helpers/log_daemon/file/log_file_daemon.cc
--- squid-3.3.0.2/helpers/log_daemon/file/log_file_daemon.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/helpers/log_daemon/file/log_file_daemon.cc 2013-01-09 14:09:06.000000000 +1300
@@ -61,8 +61,8 @@
fprintf(stderr, "WARNING: remove '%s' failure: %s\n", to, xstrerror());
}
#endif
- if (rename(path, to) < 0 && errno != ENOENT) {
- fprintf(stderr, "WARNING: rename '%s' to '%s' failure: %s\n", path, to, xstrerror());
+ if (rename(from, to) < 0 && errno != ENOENT) {
+ fprintf(stderr, "WARNING: rename '%s' to '%s' failure: %s\n", from, to, xstrerror());
}
}
if (rotate_count > 0) {
diff -u -r -N squid-3.3.0.2/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc squid-3.3.0.3/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc
--- squid-3.3.0.2/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/helpers/negotiate_auth/kerberos/negotiate_kerberos_auth.cc 2013-01-09 14:09:06.000000000 +1300
@@ -30,6 +30,7 @@
* Hosted at http://sourceforge.net/projects/squidkerbauth
*/
#include "squid.h"
+#include "rfc1738.h"
#include "compat/getaddrinfo.h"
#include "compat/getnameinfo.h"
@@ -458,10 +459,10 @@
*p = '\0';
}
fprintf(stdout, "AF %s %s\n", token, user);
- debug((char *) "%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, token, user);
+ debug((char *) "%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, token, rfc1738_escape(user));
if (log)
fprintf(stderr, "%s| %s: INFO: User %s authenticated\n", LogTime(),
- PROGRAM, user);
+ PROGRAM, rfc1738_escape(user));
goto cleanup;
} else {
if (check_gss_err(major_status, minor_status, "gss_accept_sec_context()", log))
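Review bot: Only the debug and stderr copies of `user` are passed through `rfc1738_escape()`; the `AF` reply written to stdout still carries the raw string. That stdout line is the one the helper's peer parses, so whitespace or control characters in the name would reach it unescaped. If the receiving side decodes the name, `fprintf(stdout, "AF %s %s\n", token, rfc1738_escape(user));` would keep the three outputs consistent, but that handling is not visible in this diff and should be confirmed first. The same applies to the `AF AA==` reply in `@@ -493,10 +494,10 @@`.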
@@ -493,10 +494,10 @@
*p = '\0';
}
fprintf(stdout, "AF %s %s\n", "AA==", user);
- debug((char *) "%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, "AA==", user);
+ debug((char *) "%s| %s: DEBUG: AF %s %s\n", LogTime(), PROGRAM, "AA==", rfc1738_escape(user));
if (log)
fprintf(stderr, "%s| %s: INFO: User %s authenticated\n", LogTime(),
- PROGRAM, user);
+ PROGRAM, rfc1738_escape(user));
}
cleanup:
diff -u -r -N squid-3.3.0.2/include/version.h squid-3.3.0.3/include/version.h
--- squid-3.3.0.2/include/version.h 2012-12-02 21:31:05.000000000 +1300
+++ squid-3.3.0.3/include/version.h 2013-01-09 14:10:25.000000000 +1300
@@ -7,7 +7,7 @@
*/
#ifndef SQUID_RELEASE_TIME
-#define SQUID_RELEASE_TIME 1354437010
+#define SQUID_RELEASE_TIME 1357693744
#endif
#ifndef APP_SHORTNAME
diff -u -r -N squid-3.3.0.2/lib/smblib/smblib.c squid-3.3.0.3/lib/smblib/smblib.c
--- squid-3.3.0.2/lib/smblib/smblib.c 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/lib/smblib/smblib.c 2013-01-09 14:09:06.000000000 +1300
@@ -120,8 +120,10 @@
strcpy(con -> password, "");
strcpy(con -> sock_options, "");
strcpy(con -> address, "");
- strcpy(con -> desthost, server);
- strcpy(con -> PDomain, NTdomain);
+ strncpy(con -> desthost, server, sizeof(con->desthost));
+ con->desthost[sizeof(con->desthost) - 1] = '\0';
+ strncpy(con -> PDomain, NTdomain, sizeof(con->PDomain));
+ con->PDomain[sizeof(con->PDomain) - 1] = '\0';
strcpy(con -> OSName, SMBLIB_DEFAULT_OSNAME);
strcpy(con -> LMType, SMBLIB_DEFAULT_LMTYPE);
con -> first_tree = con -> last_tree = NULL;
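Review bot: Over-long `server` and `NTdomain` values are now silently truncated instead of rejected, so the connection may be attempted against a different host or domain name than the caller supplied. Rejecting the input when `strlen(server) >= sizeof(con->desthost)` (and likewise for `PDomain`) would be safer than truncating, provided the error path releases `con` as the other failure paths do. The same pattern is used for `service`, `username` and `password` in `@@ -213,9 +215,12 @@`, for `temp` and `host` in `@@ -236,9 +241,19 @@`, and for `pword` in `@@ -325,7 +345,8 @@`. A cut password merely fails to authenticate, but a cut host or service name changes the target. The enclosing function starts outside this hunk.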
@@ -213,9 +215,12 @@
/* Init some things ... */
- strcpy(con -> service, service);
- strcpy(con -> username, username);
- strcpy(con -> password, password);
+ strncpy(con -> service, service, sizeof(con -> service));
+ con -> service[sizeof(con -> service) - 1] = '\0';
+ strncpy(con -> username, username, sizeof(con -> username));
+ con -> username[sizeof(con -> username) - 1] = '\0';
+ strncpy(con -> password, password, sizeof(con -> password));
+ con -> password[sizeof(con -> password) - 1] = '\0';
strcpy(con -> sock_options, "");
strcpy(con -> address, "");
strcpy(con -> PDomain, SMBLIB_DEFAULT_DOMAIN);
@@ -236,9 +241,19 @@
/* Now figure out the host portion of the service */
- strcpy(temp, service);
+ strncpy(temp, service, sizeof(temp));
+ temp[sizeof(temp) - 1] = '\0';
host = strtok(temp, "/\\"); /* Separate host name portion */
- strcpy(con -> desthost, host);
+ if (!host) {
+ if (Con_Handle == NULL) {
+ free(con);
+ Con_Handle = NULL;
+ }
+ SMBlib_errno = -SMBlibE_CallFailed;
+ return NULL;
+ }
+ strncpy(con->desthost, host, sizeof(con->desthost));
+ con->desthost[sizeof(con->desthost)-1]='\0';
/* Now connect to the remote end, but first upper case the name of the
service we are going to call, sine some servers want it in uppercase */
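Review bot: In the new `if (!host)` branch, `Con_Handle = NULL;` sits inside `if (Con_Handle == NULL)` and therefore has no effect. The two later error paths (`@@ -280,9 +295,10 @@` and `@@ -291,6 +307,10 @@`) free `con` without that assignment, so dropping the line here would make the three paths identical. A short comment such as `/* only free con if we allocated it ourselves */` above the check would also explain the condition. The function body continues outside the hunk.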
@@ -280,9 +295,10 @@
if (SMB_Negotiate(con, SMB_Prots_Restrict) < 0) {
- /* Hmmm what should we do here ... We have a connection, but could not
- negotiate ... */
-
+ if (Con_Handle == NULL) {
+ free(con);
+ }
+ SMBlib_errno = -SMBlibE_NegNoProt;
return NULL;
}
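Review bot: On negotiate failure `con` is freed, but nothing visible here closes the transport connection it holds, which would leak the socket. The removed comment stated that a connection exists at this point. The connect call itself is outside the hunk, so this needs checking against the full function; if the handle is stored in `con`, it should be hung up before `free(con)`. The `SMB_TreeConnect` failure path in `@@ -291,6 +307,10 @@` has the same shape.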
@@ -291,6 +307,10 @@
if ((*tree = SMB_TreeConnect(con, NULL, service, password, "A:")) == NULL) {
+ if (Con_Handle == NULL) {
+ free(con);
+ }
+ SMBlib_errno = -SMBlibE_BAD;
return NULL;
}
@@ -325,7 +345,8 @@
pass_len = 24;
memcpy(pword, PassWord, 24);
} else {
- strcpy(pword, PassWord);
+ strncpy(pword, PassWord, sizeof(pword));
+ pword[sizeof(pword) - 1] = '\0';
#ifdef PAM_SMB_ENC_PASS
if (Con_Handle->encrypt_passwords) {
pass_len = 24;
@@ -391,7 +412,7 @@
p = p + 1;
- if (NtDomain != NULL) {
+ if (NtDomain == NULL) {
strcpy(p, Con_Handle -> PDomain);
p = p + strlen(Con_Handle -> PDomain);
} else {
diff -u -r -N squid-3.3.0.2/RELEASENOTES.html squid-3.3.0.3/RELEASENOTES.html
--- squid-3.3.0.2/RELEASENOTES.html 2012-12-02 21:48:12.000000000 +1300
+++ squid-3.3.0.3/RELEASENOTES.html 2013-01-09 14:33:14.000000000 +1300
@@ -2,10 +2,10 @@
- Squid 3.3.0.2 release notes
+ Squid 3.3.0.3 release notes
-Squid 3.3.0.2 release notes
+Squid 3.3.0.3 release notes
Squid Developers
@@ -56,7 +56,7 @@
-The Squid Team are pleased to announce the release of Squid-3.3.0.2 for testing.
+The Squid Team are pleased to announce the release of Squid-3.3.0.3 for testing.
This new release is available for download from
http://www.squid-cache.org/Versions/v3/3.3/ or the
mirrors.
@@ -329,7 +329,14 @@
-There are no changed ./configure options in Squid-3.3.
+- --enable-kqueue
-
+
kqueue network I/O module is now built by default when it is available.
+This option is no longer required to enable kqueue support,
+but if used will abort build when kqueue dependencies are missing or broken.
+
+ - --disable-kqueue
-
+
kqueue network I/O module is now built by default when it is available.
+This configure option is now needed to disable it. Previously it did nothing.
diff -u -r -N squid-3.3.0.2/snmplib/parse.c squid-3.3.0.3/snmplib/parse.c
--- squid-3.3.0.2/snmplib/parse.c 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/snmplib/parse.c 2013-01-09 14:09:06.000000000 +1300
@@ -405,7 +405,7 @@
np->enums = NULL; /* so we don't free them later */
if (root->child_list == NULL) {
root->child_list = tp;
- } else {
+ } else if (peer) {
peer->next_peer = tp;
}
peer = tp;
@@ -625,6 +625,16 @@
xfree((char *) np);
}
+static void
+free_node_list(struct node *nl)
+{
+ while (nl) {
+ struct node *t = nl->next;
+ free_node(nl);
+ nl = t;
+ }
+}
+
/*
* Parse an entry of the form:
* label OBJECT IDENTIFIER ::= { parent 2 }
@@ -657,9 +667,9 @@
op++, nop++) {
/* every node must have parent's name and child's name or number */
if (op->label && (nop->label || (nop->subid != -1))) {
- strcpy(np->parent, op->label);
+ strncpy(np->parent, op->label, sizeof(np->parent) - 1);
if (nop->label)
- strcpy(np->label, nop->label);
+ strncpy(np->label, nop->label, sizeof(np->label) - 1);
if (nop->subid != -1)
np->subid = nop->subid;
np->type = 0;
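Review bot: `strncpy(np->parent, op->label, sizeof(np->parent) - 1)` and the matching copy into `np->label` never write a terminator themselves, so they are only safe if the node was zero-filled when allocated, which happens outside this hunk. The next hunk (`@@ -680,8 +690,8 @@`) is weaker still: it passes the full `sizeof(np->parent)` and `sizeof(np->label)` and adds no terminator, so a source string of that length or longer leaves the array unterminated. Adding `np->parent[sizeof(np->parent) - 1] = '\0';` and `np->label[sizeof(np->label) - 1] = '\0';` after each copy, as `@@ -945,9 +957,12 @@` already does, would make all three sites consistent and independent of how the node was allocated.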
@@ -680,8 +690,8 @@
*/
if (count == (length - 2)) {
if (op->label) {
- strcpy(np->parent, op->label);
- strcpy(np->label, name);
+ strncpy(np->parent, op->label, sizeof(np->parent));
+ strncpy(np->label, name, sizeof(np->label));
if (nop->subid != -1)
np->subid = nop->subid;
else
@@ -690,12 +700,14 @@
free_node(np);
if (oldnp)
oldnp->next = NULL;
- else
+ else {
+ free_node_list(root); // we need to clear the newly allocated list
return NULL;
+ }
}
} else {
print_error("Missing end of oid", (char *) NULL, type);
- free_node(np); /* the last node allocated wasn't used */
+ free_node_list(root); // we need to clear the newly allocated list
if (oldnp)
oldnp->next = NULL;
return NULL;
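Review bot: On the "Missing end of oid" path, `free_node_list(root)` now runs before `oldnp->next = NULL`. If `oldnp` is one of the nodes reachable from `root`, as the linking loop in the earlier hunk suggests, that assignment writes to freed memory. In the branch above, `free_node(np)` runs first and `free_node_list(root)` follows when `oldnp` is NULL; if `np` is still the first node of `root` in that case (the allocation is outside the hunk), the same node is freed twice. Suggest ending the second path with just `free_node_list(root); return NULL;`, and keeping a plain `return NULL;` in the first `else` since `np` has already been released there.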
@@ -945,9 +957,12 @@
length = getoid(fp, SubOid, 32);
if (length > 1 && length <= 32) {
/* just take the last pair in the oid list */
- if (SubOid[length - 2].label)
+ if (SubOid[length - 2].label) {
strncpy(np->parent, SubOid[length - 2].label, 64);
- strcpy(np->label, name);
+ np->parent[63] = '\0';
+ }
+ strncpy(np->label, name, sizeof(np->label));
+ np->label[sizeof(np->label) - 1] = '\0';
if (SubOid[length - 1].subid != -1)
np->subid = SubOid[length - 1].subid;
else
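Review bot: The `np->parent` copy uses the literals `64` and `63`, while the `np->label` copy two lines below uses `sizeof`. If the array size ever changes, only the second copy follows it. Suggest `strncpy(np->parent, SubOid[length - 2].label, sizeof(np->parent));` with `np->parent[sizeof(np->parent) - 1] = '\0';`. The `strncpy(name, token, 64); name[63] = '\0';` pair in `@@ -989,9 +1004,11 @@` has the same hard-coded size; `name`'s declaration is outside that hunk, so confirm it is an array before switching to `sizeof(name)`.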
@@ -989,9 +1004,11 @@
return root;
}
print_error(token, "is a reserved word", type);
+ free_node_list(root);
return NULL;
}
strncpy(name, token, 64);
+ name[63] = '\0';
type = get_token(fp, token);
if (type == OBJTYPE) {
if (root == NULL) {
@@ -1005,6 +1022,7 @@
np->next = parse_objecttype(fp, name);
if (np->next == NULL) {
print_error("Bad parse of objecttype", (char *) NULL, type);
+ free_node_list(root);
return NULL;
}
}
@@ -1023,6 +1041,7 @@
np->next = parse_objectid(fp, name);
if (np->next == NULL) {
print_error("Bad parse of object type", (char *) NULL, type);
+ free_node_list(root);
return NULL;
}
}
@@ -1035,6 +1054,7 @@
break;
} else {
print_error("Bad operator", (char *) NULL, type);
+ free_node_list(root);
return NULL;
}
}
@@ -1075,18 +1095,20 @@
strlen("DUMMY")));
if (!p) {
snmplib_debug(0, "Bad MIB version or tag missing, install original!\n");
+ fclose(fp);
return NULL;
}
if (!strcmp(mbuf, "DUMMY")) {
snmplib_debug(0, "You need to update your MIB!\n");
+ fclose(fp);
return NULL;
}
nodes = parse(fp);
+ fclose(fp);
if (!nodes) {
snmplib_debug(0, "Mib table is bad. Exiting\n");
return NULL;
}
tree = build_tree(nodes);
- fclose(fp);
return (tree);
}
diff -u -r -N squid-3.3.0.2/snmplib/snmp_vars.c squid-3.3.0.3/snmplib/snmp_vars.c
--- squid-3.3.0.2/snmplib/snmp_vars.c 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/snmplib/snmp_vars.c 2013-01-09 14:09:06.000000000 +1300
@@ -373,6 +373,7 @@
u_char *DataPtr;
int DataLen;
oid TmpBuf[MAX_NAME_LEN];
+ memset(TmpBuf, 0, MAX_NAME_LEN * sizeof(*TmpBuf));
int AllVarLen = *BufLen;
int ThisVarLen = 0;
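Review bot: The new `memset` sits between declarations (`oid TmpBuf[...]` above, `int AllVarLen` below), which is a statement-before-declaration in a `.c` file and may warn or fail under stricter C dialects. It also restates the array size instead of taking it from the array. Either `oid TmpBuf[MAX_NAME_LEN] = {0};` at the declaration, or `memset(TmpBuf, 0, sizeof(TmpBuf));` placed after the last declaration, would avoid both. The rest of the function is outside the hunk.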
diff -u -r -N squid-3.3.0.2/src/auth/digest/auth_digest.cc squid-3.3.0.3/src/auth/digest/auth_digest.cc
--- squid-3.3.0.2/src/auth/digest/auth_digest.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/auth/digest/auth_digest.cc 2013-01-09 14:09:06.000000000 +1300
@@ -932,10 +932,14 @@
/* 2069 requirements */
+ // return value.
+ Auth::UserRequest::Pointer rv;
/* do we have a username ? */
if (!username || username[0] == '\0') {
- debugs(29, 2, HERE << "Empty or not present username");
- return authDigestLogUsername(username, digest_request);
+ debugs(29, 2, "Empty or not present username");
+ rv = authDigestLogUsername(username, digest_request);
+ safe_free(username);
+ return rv;
}
/* Sanity check of the username.
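Review bot: The sequence `rv = authDigestLogUsername(username, digest_request); safe_free(username); return rv;` is now repeated in every rejection branch, here and in the hunks from `@@ -943,33 +947,43 @@` through `@@ -1027,8 +1053,10 @@`. A future branch could easily forget the `safe_free` and bring the leak back. A small static helper that logs, frees `username` and returns the result would reduce each branch to one `return` (the helper name is the author's choice). It is also worth confirming that authDigestLogUsername copies the name rather than keeping the pointer, since `username` is freed immediately afterwards; its body is not in this diff section.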
@@ -943,33 +947,43 @@
* have been redone
*/
if (strchr(username, '"')) {
- debugs(29, 2, HERE << "Unacceptable username '" << username << "'");
- return authDigestLogUsername(username, digest_request);
+ debugs(29, 2, "Unacceptable username '" << username << "'");
+ rv = authDigestLogUsername(username, digest_request);
+ safe_free(username);
+ return rv;
}
/* do we have a realm ? */
if (!digest_request->realm || digest_request->realm[0] == '\0') {
- debugs(29, 2, HERE << "Empty or not present realm");
- return authDigestLogUsername(username, digest_request);
+ debugs(29, 2, "Empty or not present realm");
+ rv = authDigestLogUsername(username, digest_request);
+ safe_free(username);
+ return rv;
}
/* and a nonce? */
if (!digest_request->nonceb64 || digest_request->nonceb64[0] == '\0') {
- debugs(29, 2, HERE << "Empty or not present nonce");
- return authDigestLogUsername(username, digest_request);
+ debugs(29, 2, "Empty or not present nonce");
+ rv = authDigestLogUsername(username, digest_request);
+ safe_free(username);
+ return rv;
}
/* we can't check the URI just yet. We'll check it in the
* authenticate phase, but needs to be given */
if (!digest_request->uri || digest_request->uri[0] == '\0') {
- debugs(29, 2, HERE << "Missing URI field");
- return authDigestLogUsername(username, digest_request);
+ debugs(29, 2, "Missing URI field");
+ rv = authDigestLogUsername(username, digest_request);
+ safe_free(username);
+ return rv;
}
/* is the response the correct length? */
if (!digest_request->response || strlen(digest_request->response) != 32) {
- debugs(29, 2, HERE << "Response length invalid");
- return authDigestLogUsername(username, digest_request);
+ debugs(29, 2, "Response length invalid");
+ rv = authDigestLogUsername(username, digest_request);
+ safe_free(username);
+ return rv;
}
/* check the algorithm is present and supported */
@@ -977,8 +991,10 @@
digest_request->algorithm = xstrndup("MD5", 4);
else if (strcmp(digest_request->algorithm, "MD5")
&& strcmp(digest_request->algorithm, "MD5-sess")) {
- debugs(29, 2, HERE << "invalid algorithm specified!");
- return authDigestLogUsername(username, digest_request);
+ debugs(29, 2, "invalid algorithm specified!");
+ rv = authDigestLogUsername(username, digest_request);
+ safe_free(username);
+ return rv;
}
/* 2617 requirements, indicated by qop */
@@ -987,26 +1003,34 @@
/* check the qop is what we expected. */
if (strcmp(digest_request->qop, QOP_AUTH) != 0) {
/* we received a qop option we didn't send */
- debugs(29, 2, HERE << "Invalid qop option received");
- return authDigestLogUsername(username, digest_request);
+ debugs(29, 2, "Invalid qop option received");
+ rv = authDigestLogUsername(username, digest_request);
+ safe_free(username);
+ return rv;
}
/* check cnonce */
if (!digest_request->cnonce || digest_request->cnonce[0] == '\0') {
- debugs(29, 2, HERE << "Missing cnonce field");
- return authDigestLogUsername(username, digest_request);
+ debugs(29, 2, "Missing cnonce field");
+ rv = authDigestLogUsername(username, digest_request);
+ safe_free(username);
+ return rv;
}
/* check nc */
if (strlen(digest_request->nc) != 8 || strspn(digest_request->nc, "0123456789abcdefABCDEF") != 8) {
- debugs(29, 2, HERE << "invalid nonce count");
- return authDigestLogUsername(username, digest_request);
+ debugs(29, 2, "invalid nonce count");
+ rv = authDigestLogUsername(username, digest_request);
+ safe_free(username);
+ return rv;
}
} else {
/* cnonce and nc both require qop */
- if (digest_request->cnonce || digest_request->nc) {
- debugs(29, 2, HERE << "missing qop!");
- return authDigestLogUsername(username, digest_request);
+ if (digest_request->cnonce || digest_request->nc[0] != '\0') {
+ debugs(29, 2, "missing qop!");
+ rv = authDigestLogUsername(username, digest_request);
+ safe_free(username);
+ return rv;
}
}
@@ -1016,10 +1040,12 @@
nonce = authenticateDigestNonceFindNonce(digest_request->nonceb64);
if (!nonce) {
/* we couldn't find a matching nonce! */
- debugs(29, 2, HERE << "Unexpected or invalid nonce received");
+ debugs(29, 2, "Unexpected or invalid nonce received");
if (digest_request->user() != NULL)
digest_request->user()->credentials(Auth::Failed);
- return authDigestLogUsername(username, digest_request);
+ rv = authDigestLogUsername(username, digest_request);
+ safe_free(username);
+ return rv;
}
digest_request->nonce = nonce;
@@ -1027,8 +1053,10 @@
/* check that we're not being hacked / the username hasn't changed */
if (nonce->user && strcmp(username, nonce->user->username())) {
- debugs(29, 2, HERE << "Username for the nonce does not equal the username for the request");
- return authDigestLogUsername(username, digest_request);
+ debugs(29, 2, "Username for the nonce does not equal the username for the request");
+ rv = authDigestLogUsername(username, digest_request);
+ safe_free(username);
+ return rv;
}
/* the method we'll check at the authenticate step as well */
diff -u -r -N squid-3.3.0.2/src/auth/negotiate/auth_negotiate.cc squid-3.3.0.3/src/auth/negotiate/auth_negotiate.cc
--- squid-3.3.0.2/src/auth/negotiate/auth_negotiate.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/auth/negotiate/auth_negotiate.cc 2013-01-09 14:09:06.000000000 +1300
@@ -66,9 +66,6 @@
static int authnegotiate_initialised = 0;
/// \ingroup AuthNegotiateInternal
-Auth::Negotiate::Config negotiateConfig;
-
-/// \ingroup AuthNegotiateInternal
static hash_table *proxy_auth_cache = NULL;
/*
@@ -292,7 +289,7 @@
Auth::UserRequest::Pointer
Auth::Negotiate::Config::decode(char const *proxy_auth)
{
- Auth::Negotiate::User *newUser = new Auth::Negotiate::User(&negotiateConfig);
+ Auth::Negotiate::User *newUser = new Auth::Negotiate::User(Auth::Config::Find("negotiate"));
Auth::UserRequest *auth_user_request = new Auth::Negotiate::UserRequest();
assert(auth_user_request->user() == NULL);
diff -u -r -N squid-3.3.0.2/src/cache_cf.cc squid-3.3.0.3/src/cache_cf.cc
--- squid-3.3.0.2/src/cache_cf.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/cache_cf.cc 2013-01-09 14:09:06.000000000 +1300
@@ -2282,7 +2282,7 @@
p->sslcapath = xstrdup(token + 10);
} else if (strncmp(token, "sslcrlfile=", 11) == 0) {
safe_free(p->sslcrlfile);
- p->sslcapath = xstrdup(token + 10);
+ p->sslcrlfile = xstrdup(token + 11);
} else if (strncmp(token, "sslflags=", 9) == 0) {
safe_free(p->sslflags);
p->sslflags = xstrdup(token + 9);
@@ -4179,7 +4179,7 @@
cpuAffinityMap->processes()[i]);
}
storeAppendPrintf(entry, " cores=");
- for (size_t i = 0; i < cpuAffinityMap->processes().size(); ++i) {
+ for (size_t i = 0; i < cpuAffinityMap->cores().size(); ++i) {
storeAppendPrintf(entry, "%s%i", (i ? "," : ""),
cpuAffinityMap->cores()[i]);
}
diff -u -r -N squid-3.3.0.2/src/client_side.cc squid-3.3.0.3/src/client_side.cc
--- squid-3.3.0.2/src/client_side.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/client_side.cc 2013-01-09 14:09:06.000000000 +1300
@@ -702,7 +702,8 @@
if (request)
al->adapted_request = HTTPMSGLOCK(request);
accessLogLog(al, checklist);
- updateCounters();
+ if (request)
+ updateCounters();
if (getConn() != NULL && getConn()->clientConnection != NULL)
clientdbUpdate(getConn()->clientConnection->remote, logType, AnyP::PROTO_HTTP, out.size);
@@ -2128,14 +2129,18 @@
}
}
-/**
- * parseHttpRequest()
+/** Parse an HTTP request
*
- * Returns
- * NULL on incomplete requests
- * a ClientSocketContext structure on success or failure.
- * Sets result->flags.parsed_ok to 0 if failed to parse the request.
- * Sets result->flags.parsed_ok to 1 if we have a good request.
+ * \note Sets result->flags.parsed_ok to 0 if failed to parse the request,
+ * to 1 if the request was correctly parsed.
+ * \param[in] csd a ConnStateData. The caller must make sure it is not null
+ * \param[in] hp an HttpParser
+ * \param[out] mehtod_p will be set as a side-effect of the parsing.
+ * Pointed-to value will be set to Http::METHOD_NONE in case of
+ * parsing failure
+ * \param[out] http_ver will be set as a side-effect of the parsing
+ * \return NULL on incomplete requests,
+ * a ClientSocketContext structure on success or failure.
*/
static ClientSocketContext *
parseHttpRequest(ConnStateData *csd, HttpParser *hp, HttpRequestMethod * method_p, HttpVersion *http_ver)
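Review bot: The new Doxygen block misspells the parameter as `mehtod_p`; the signature below uses `method_p`, so the generated docs will not attach the text to it. The line should read `\param[out] method_p will be set as a side-effect of the parsing.` The comment also refers to `Http::METHOD_NONE`, while the code in `@@ -2211,7 +2216,7 @@` compares against an unqualified `METHOD_CONNECT`, so check which spelling this branch really uses. Since that next hunk drops the `csd &&` test on the strength of this documented contract, an `assert(csd);` at the top of the function would enforce it; the body is outside this hunk.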
@@ -2211,7 +2216,7 @@
*method_p = HttpRequestMethod(&hp->buf[hp->req.m_start], &hp->buf[hp->req.m_end]+1);
/* deny CONNECT via accelerated ports */
- if (*method_p == METHOD_CONNECT && csd && csd->port && csd->port->accel) {
+ if (*method_p == METHOD_CONNECT && csd->port && csd->port->accel) {
debugs(33, DBG_IMPORTANT, "WARNING: CONNECT method received on " << csd->port->protocol << " Accelerator port " << csd->port->s.GetPort() );
/* XXX need a way to say "this many character length string" */
debugs(33, DBG_IMPORTANT, "WARNING: for request: " << hp->buf);
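Review bot: With `csd &&` removed, `csd->port` is dereferenced on the strength of the doc comment alone ("The caller must make sure it is not null"); nothing in the visible lines enforces it. An `assert(csd != NULL);` at the top of parseHttpRequest would make the contract checkable, unless an earlier dereference already guarantees it; the function body starts before and ends after this hunk. The second warning still streams `hp->buf` up to its terminating NUL, as the existing XXX comment admits, so the amount of client-supplied data written to the log is not bounded by the request length.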
diff -u -r -N squid-3.3.0.2/src/client_side_reply.cc squid-3.3.0.3/src/client_side_reply.cc
--- squid-3.3.0.2/src/client_side_reply.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/client_side_reply.cc 2013-01-09 14:09:06.000000000 +1300
@@ -2067,10 +2067,14 @@
ConnStateData * conn = http->getConn();
- if (conn == NULL || !conn->isOpen()) {
- // too late, our conn is closing
- // TODO: should we also quit?
- debugs(33,3, HERE << "not sending more data to a closing " << conn->clientConnection);
+ // too late, our conn is closing
+ // TODO: should we also quit?
+ if (conn == NULL) {
+ debugs(33,3, "not sending more data to a closed connection" );
+ return;
+ }
+ if (!conn->isOpen()) {
+ debugs(33,3, "not sending more data to closing connection " << conn->clientConnection);
return;
}
diff -u -r -N squid-3.3.0.2/src/client_side_request.cc squid-3.3.0.3/src/client_side_request.cc
--- squid-3.3.0.2/src/client_side_request.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/client_side_request.cc 2013-01-09 14:09:06.000000000 +1300
@@ -1757,6 +1757,7 @@
clientStreamNode *node = (clientStreamNode *)client_stream.tail->prev->data;
clientReplyContext *repContext = dynamic_cast(node->data.getRaw());
+ assert(repContext);
repContext->createStoreEntry(request->method, request->flags);
EBIT_CLR(storeEntry()->flags, ENTRY_FWD_HDR_WAIT);
@@ -1910,7 +1911,8 @@
#endif
calloutContext->error->detailError(errDetail);
calloutContext->readNextRequest = true;
- c->expectNoForwarding();
+ if (c != NULL)
+ c->expectNoForwarding();
doCallouts();
}
//else if(calloutContext == NULL) is it possible?
diff -u -r -N squid-3.3.0.2/src/comm/ModKqueue.cc squid-3.3.0.3/src/comm/ModKqueue.cc
--- squid-3.3.0.2/src/comm/ModKqueue.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/comm/ModKqueue.cc 2013-01-09 14:09:06.000000000 +1300
@@ -55,6 +55,7 @@
#if USE_KQUEUE
#include "comm/Loops.h"
#include "fde.h"
+#include "globals.h"
#include "SquidTime.h"
#include "StatCounters.h"
#include "Store.h"
diff -u -r -N squid-3.3.0.2/src/DiskIO/AIO/AIODiskIOStrategy.cc squid-3.3.0.3/src/DiskIO/AIO/AIODiskIOStrategy.cc
--- squid-3.3.0.2/src/DiskIO/AIO/AIODiskIOStrategy.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/DiskIO/AIO/AIODiskIOStrategy.cc 2013-01-09 14:09:06.000000000 +1300
@@ -47,9 +47,12 @@
#include "DiskIO/ReadRequest.h"
#include "DiskIO/WriteRequest.h"
-AIODiskIOStrategy::AIODiskIOStrategy()
+AIODiskIOStrategy::AIODiskIOStrategy() :
+ fd(-1)
{
+ aq.aq_state = AQ_STATE_NONE;
aq.aq_numpending = 0;
+ memset(&aq.aq_queue, 0, sizeof(aq.aq_queue));
}
AIODiskIOStrategy::~AIODiskIOStrategy()
diff -u -r -N squid-3.3.0.2/src/DiskIO/DiskDaemon/diskd.cc squid-3.3.0.3/src/DiskIO/DiskDaemon/diskd.cc
--- squid-3.3.0.2/src/DiskIO/DiskDaemon/diskd.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/DiskIO/DiskDaemon/diskd.cc 2013-01-09 14:09:06.000000000 +1300
@@ -264,6 +264,10 @@
if (s->shm_offset > -1)
buf = shmbuf + s->shm_offset;
+ else {
+ fprintf(stderr, "%d UNLNK id(%u) Error: no filename in shm buffer\n", (int) mypid, s->id);
+ return;
+ }
switch (r->mtype) {
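Review bot: The added `else` branch returns before `switch (r->mtype)`, so it applies to every message type, yet the message it prints is hard-coded as `UNLNK`. If any request type legitimately arrives without a shared-memory offset (the cases are outside the hunk), it is now dropped here, and the sender gets no answer if the reply is sent after the switch. Moving the check into the cases that actually read `buf`, with the operation name taken from `r->mtype`, would keep the guard without changing the other paths. The offset is also only compared with `-1`; an upper bound against the segment size is not visible in this hunk.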
@@ -368,7 +372,10 @@
hash = hash_create(fsCmp, 1 << 4, fsHash);
assert(hash);
- fcntl(0, F_SETFL, SQUID_NONBLOCK);
+ if (fcntl(0, F_SETFL, SQUID_NONBLOCK) < 0) {
+ perror(xstrerror());
+ return 1;
+ }
memset(&sa, '\0', sizeof(sa));
sa.sa_handler = alarm_handler;
sa.sa_flags = SA_RESTART;
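Review bot: `perror(xstrerror())` uses the error text as the prefix, and perror() then appends `: ` and the errno description itself, so the message appears to name the error twice and never says which call failed. `perror("diskd: fcntl(F_SETFL)")` would be clearer. Note also that `F_SETFL` replaces the whole status-flag set; reading the current flags with `F_GETFL` and OR-ing in `SQUID_NONBLOCK` avoids clearing flags inherited on descriptor 0.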
diff -u -r -N squid-3.3.0.2/src/DiskIO/DiskDaemon/DiskdFile.cc squid-3.3.0.3/src/DiskIO/DiskDaemon/DiskdFile.cc
--- squid-3.3.0.2/src/DiskIO/DiskDaemon/DiskdFile.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/DiskIO/DiskDaemon/DiskdFile.cc 2013-01-09 14:09:06.000000000 +1300
@@ -66,8 +66,11 @@
cbdataFree(t);
}
-DiskdFile::DiskdFile(char const *aPath, DiskdIOStrategy *anIO) : errorOccured (false), IO(anIO),
- inProgressIOs (0)
+DiskdFile::DiskdFile(char const *aPath, DiskdIOStrategy *anIO) :
+ errorOccured(false),
+ IO(anIO),
+ mode(0),
+ inProgressIOs(0)
{
assert (aPath);
debugs(79, 3, "DiskdFile::DiskdFile: " << aPath);
@@ -379,8 +382,10 @@
debugs(79, 3, "DiskdFile::readDone: status " << M->status);
assert (M->requestor);
ReadRequest::Pointer readRequest = dynamic_cast(M->requestor);
+
/* remove the free protection */
- readRequest->RefCountDereference();
+ if (readRequest != NULL)
+ readRequest->RefCountDereference();
if (M->status < 0) {
++diskd_stats.read.fail;
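Review bot: When the `dynamic_cast` yields NULL the new guard skips `RefCountDereference()` and carries on silently, although `assert (M->requestor)` has just established that a requestor of some other type is present. In that case the "free protection" reference is never dropped, and the rest of readDone (outside the hunk) may still use `readRequest`. It deserves at least a log line such as `else debugs(79, DBG_IMPORTANT, "DiskdFile::readDone: requestor is not a ReadRequest");`. The same applies to `writeRequest` in `@@ -404,7`.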
@@ -404,7 +409,8 @@
assert (M->requestor);
WriteRequest::Pointer writeRequest = dynamic_cast(M->requestor);
/* remove the free protection */
- writeRequest->RefCountDereference();
+ if (writeRequest != NULL)
+ writeRequest->RefCountDereference();
if (M->status < 0) {
errorOccured = true;
diff -u -r -N squid-3.3.0.2/src/DiskIO/DiskThreads/aiops.cc squid-3.3.0.3/src/DiskIO/DiskThreads/aiops.cc
--- squid-3.3.0.2/src/DiskIO/DiskThreads/aiops.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/DiskIO/DiskThreads/aiops.cc 2013-01-09 14:09:06.000000000 +1300
@@ -722,8 +722,10 @@
static void
squidaio_do_read(squidaio_request_t * requestp)
{
- lseek(requestp->fd, requestp->offset, requestp->whence);
- requestp->ret = read(requestp->fd, requestp->bufferp, requestp->buflen);
+ if (lseek(requestp->fd, requestp->offset, requestp->whence) >= 0)
+ requestp->ret = read(requestp->fd, requestp->bufferp, requestp->buflen);
+ else
+ requestp->ret = -1;
requestp->err = errno;
}
diff -u -r -N squid-3.3.0.2/src/DiskIO/DiskThreads/DiskThreadsIOStrategy.cc squid-3.3.0.3/src/DiskIO/DiskThreads/DiskThreadsIOStrategy.cc
--- squid-3.3.0.2/src/DiskIO/DiskThreads/DiskThreadsIOStrategy.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/DiskIO/DiskThreads/DiskThreadsIOStrategy.cc 2013-01-09 14:09:06.000000000 +1300
@@ -187,7 +187,10 @@
debugs(32, 2, "aioSync: done");
}
-DiskThreadsIOStrategy::DiskThreadsIOStrategy() : initialised (false) {}
+DiskThreadsIOStrategy::DiskThreadsIOStrategy() :
+ initialised(false),
+ squidaio_ctrl_pool(NULL)
+{}
void
DiskThreadsIOStrategy::aioStats(StoreEntry * sentry)
diff -u -r -N squid-3.3.0.2/src/DiskIO/IpcIo/IpcIoFile.cc squid-3.3.0.3/src/DiskIO/IpcIo/IpcIoFile.cc
--- squid-3.3.0.2/src/DiskIO/IpcIo/IpcIoFile.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/DiskIO/IpcIo/IpcIoFile.cc 2013-01-09 14:09:06.000000000 +1300
@@ -588,9 +588,14 @@
/* IpcIoMsg */
IpcIoMsg::IpcIoMsg():
- requestId(0), offset(0), len(0), command(IpcIo::cmdNone), xerrno(0)
+ requestId(0),
+ offset(0),
+ len(0),
+ command(IpcIo::cmdNone),
+ xerrno(0)
{
start.tv_sec = 0;
+ start.tv_usec = 0;
}
/* IpcIoPendingRequest */
diff -u -r -N squid-3.3.0.2/src/esi/Esi.cc squid-3.3.0.3/src/esi/Esi.cc
--- squid-3.3.0.2/src/esi/Esi.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/esi/Esi.cc 2013-01-09 14:09:06.000000000 +1300
@@ -2077,12 +2077,13 @@
debugs (86,3, "esiChooseAdd: Added a new element, elements = " << elements.size());
- if (chosenelement == -1)
- if ((dynamic_cast(element.getRaw()))->
- testsTrue()) {
+ if (chosenelement == -1) {
+ const esiWhen * topElement=dynamic_cast(element.getRaw());
+ if (topElement && topElement->testsTrue()) {
chosenelement = elements.size() - 1;
debugs (86,3, "esiChooseAdd: Chose element " << elements.size());
}
+ }
}
return true;
diff -u -r -N squid-3.3.0.2/src/fs/ufs/UFSSwapDir.cc squid-3.3.0.3/src/fs/ufs/UFSSwapDir.cc
--- squid-3.3.0.2/src/fs/ufs/UFSSwapDir.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/fs/ufs/UFSSwapDir.cc 2013-01-09 14:09:06.000000000 +1300
@@ -236,7 +236,7 @@
/* TODO: factor out these 4 lines */
ConfigOption *ioOptions = IO->io->getOptionTree();
- if (ioOptions)
+ if (currentIOOptions && ioOptions)
currentIOOptions->options.push_back(ioOptions);
}
diff -u -r -N squid-3.3.0.2/src/htcp.cc squid-3.3.0.3/src/htcp.cc
--- squid-3.3.0.2/src/htcp.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/htcp.cc 2013-01-09 14:09:06.000000000 +1300
@@ -1088,14 +1088,15 @@
htcpHandleTstResponse(hdr, buf, sz, from);
}
-HtcpReplyData::HtcpReplyData() : hdr(hoHtcpReply)
+HtcpReplyData::HtcpReplyData() :
+ hit(0), hdr(hoHtcpReply), msg_id(0), version(0.0)
{}
static void
htcpHandleTstResponse(htcpDataHeader * hdr, char *buf, int sz, Ip::Address &from)
{
- htcpReplyData htcpReply;
+ HtcpReplyData htcpReply;
cache_key *key = NULL;
Ip::Address *peer;
@@ -1180,14 +1181,13 @@
/* s is a new object */
s = htcpUnpackSpecifier(buf, sz);
- s->setFrom(from);
-
- s->setDataHeader(dhdr);
-
- if (NULL == s) {
+ if (s == NULL) {
debugs(31, 3, "htcpHandleTstRequest: htcpUnpackSpecifier failed");
htcpLogHtcp(from, dhdr->opcode, LOG_UDP_INVALID, dash_str);
return;
+ } else {
+ s->setFrom(from);
+ s->setDataHeader(dhdr);
}
if (!s->request) {
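Review bot: The `else` branch after a `return` is redundant: once the `s == NULL` case has returned, `s->setFrom(from);` and `s->setDataHeader(dhdr);` can follow the `if` at function level, which keeps the success path unindented. A short comment above the check, e.g. `/* htcpUnpackSpecifier() returns NULL when the specifier cannot be unpacked */`, would record why the test has to precede any use of `s`, since the previous ordering dereferenced it first.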
diff -u -r -N squid-3.3.0.2/src/htcp.h squid-3.3.0.3/src/htcp.h
--- squid-3.3.0.2/src/htcp.h 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/htcp.h 2013-01-09 14:09:06.000000000 +1300
@@ -57,11 +57,8 @@
} cto;
};
-/// \bug redundant typedef
-typedef class HtcpReplyData htcpReplyData;
-
/// \ingroup ServerProtocolHTCP
-void neighborsHtcpReply(const cache_key *, htcpReplyData *, const Ip::Address &);
+void neighborsHtcpReply(const cache_key *, HtcpReplyData *, const Ip::Address &);
/// \ingroup ServerProtocolHTCP
void htcpOpenPorts(void);
diff -u -r -N squid-3.3.0.2/src/HttpHdrRange.cc squid-3.3.0.3/src/HttpHdrRange.cc
--- squid-3.3.0.2/src/HttpHdrRange.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/HttpHdrRange.cc 2013-01-09 14:09:06.000000000 +1300
@@ -96,7 +96,7 @@
return false;
} else
/* must have a '-' somewhere in _this_ field */
- if (!((p = strchr(field, '-')) || (p - field >= flen))) {
+ if (!((p = strchr(field, '-')) && (p - field < flen))) {
debugs(64, 2, "invalid (missing '-') range-spec near: '" << field << "'");
return false;
} else {
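Review bot: `strchr(field, '-')` still scans to the terminating NUL and only afterwards compares the result with `flen`, so the search itself is not limited to this field. Bounding the search directly avoids relying on a terminator beyond the field: `p = static_cast<const char *>(memchr(field, '-', flen))`, after which the `p - field < flen` test is unnecessary. This assumes `field` is a `const char *` and `flen` a non-negative length, both declared outside the hunk. The `debugs` line has the same property, printing `field` up to its NUL rather than `flen` bytes.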
diff -u -r -N squid-3.3.0.2/src/icmp/Icmp4.cc squid-3.3.0.3/src/icmp/Icmp4.cc
--- squid-3.3.0.2/src/icmp/Icmp4.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/icmp/Icmp4.cc 2013-01-09 14:09:06.000000000 +1300
@@ -155,6 +155,7 @@
}
Log(to, ' ', NULL, 0, 0);
+ to.FreeAddrInfo(S);
}
void
@@ -220,11 +221,15 @@
icmp = (struct icmphdr *) (void *) (pkt + iphdrlen);
- if (icmp->icmp_type != ICMP_ECHOREPLY)
+ if (icmp->icmp_type != ICMP_ECHOREPLY) {
+ preply.from.FreeAddrInfo(from);
return;
+ }
- if (icmp->icmp_id != icmp_ident)
+ if (icmp->icmp_id != icmp_ident) {
+ preply.from.FreeAddrInfo(from);
return;
+ }
echo = (icmpEchoData *) (void *) (icmp + 1);
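Review bot: Releasing `from` by hand on each early return is easy to miss when another exit is added, and any returns earlier in this function (outside the hunk) are not covered by this change. A single cleanup point, or a small scope guard whose destructor calls `preply.from.FreeAddrInfo(from)`, would tie the release to the allocation instead of to every exit. The same pattern is repeated in `@@ -241,6` here and in the Icmp6.cc hunks `@@ -293,11` and `@@ -334,6`.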
@@ -241,6 +246,7 @@
control.SendResult(preply, (sizeof(pingerReplyData) - MAX_PKT4_SZ + preply.psize) );
Log(preply.from, icmp->icmp_type, icmpPktStr[icmp->icmp_type], preply.rtt, preply.hops);
+ preply.from.FreeAddrInfo(from);
}
#endif /* USE_ICMP */
diff -u -r -N squid-3.3.0.2/src/icmp/Icmp6.cc squid-3.3.0.3/src/icmp/Icmp6.cc
--- squid-3.3.0.2/src/icmp/Icmp6.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/icmp/Icmp6.cc 2013-01-09 14:09:06.000000000 +1300
@@ -200,6 +200,7 @@
debugs(42,9, HERE << "x=" << x);
Log(to, 0, NULL, 0, 0);
+ to.FreeAddrInfo(S);
}
/**
@@ -293,11 +294,13 @@
( icmp6header->icmp6_type&0x80 ? icmp6HighPktStr[(int)(icmp6header->icmp6_type&0x7f)] : icmp6LowPktStr[(int)(icmp6header->icmp6_type&0x7f)] )
);
}
+ preply.from.FreeAddrInfo(from);
return;
}
if (icmp6header->icmp6_id != icmp_ident) {
debugs(42, 8, HERE << "dropping Icmp6 read. IDENT check failed. ident=='" << icmp_ident << "'=='" << icmp6header->icmp6_id << "'");
+ preply.from.FreeAddrInfo(from);
return;
}
@@ -334,6 +337,7 @@
/* send results of the lookup back to squid.*/
control.SendResult(preply, (sizeof(pingerReplyData) - PINGER_PAYLOAD_SZ + preply.psize) );
+ preply.from.FreeAddrInfo(from);
}
#endif /* USE_ICMP */
diff -u -r -N squid-3.3.0.2/src/icp_v2.cc squid-3.3.0.3/src/icp_v2.cc
--- squid-3.3.0.2/src/icp_v2.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/icp_v2.cc 2013-01-09 14:09:06.000000000 +1300
@@ -95,10 +95,13 @@
Comm::ConnectionPointer icpOutgoingConn = NULL;
/* icp_common_t */
-_icp_common_t::_icp_common_t() : opcode(ICP_INVALID), version(0), length(0), reqnum(0), flags(0), pad(0), shostid(0)
+_icp_common_t::_icp_common_t() :
+ opcode(ICP_INVALID), version(0), length(0), reqnum(0),
+ flags(0), pad(0), shostid(0)
{}
-_icp_common_t::_icp_common_t(char *buf, unsigned int len)
+_icp_common_t::_icp_common_t(char *buf, unsigned int len) :
+ opcode(ICP_INVALID), version(0), reqnum(0), flags(0), pad(0), shostid(0)
{
if (len < sizeof(_icp_common_t)) {
/* mark as invalid */
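Review bot: The initializer list added to `_icp_common_t(char *buf, unsigned int len)` omits `length`, while the default constructor just above initialises it with `length(0)`. If that is deliberate because the body assigns `length` on every path (it continues outside the hunk), a one-line comment would say so. Otherwise add `length(0)` so the short-packet branch cannot leave the member indeterminate.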
diff -u -r -N squid-3.3.0.2/src/ip/Qos.cci squid-3.3.0.3/src/ip/Qos.cci
--- squid-3.3.0.2/src/ip/Qos.cci 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/ip/Qos.cci 2013-01-09 14:09:06.000000000 +1300
@@ -5,8 +5,13 @@
int
Ip::Qos::setSockTos(const Comm::ConnectionPointer &conn, tos_t tos)
{
-#ifdef IP_TOS
- int x = setsockopt(conn->fd, IPPROTO_IP, IP_TOS, &tos, sizeof(tos_t));
+#if defined(IP_TOS)
+ // Bug 3731: FreeBSD produces 'invalid option'
+ // unless we pass it a 32-bit variable storing 8-bits of data.
+ // NP: it is documented as 'int' for all systems, even those like Linux which accept 8-bit char
+ // so we convert to a int before setting.
+ int bTos = tos;
+ int x = setsockopt(conn->fd, IPPROTO_IP, IP_TOS, &bTos, sizeof(bTos));
if (x < 0)
debugs(50, 2, "Ip::Qos::setSockTos: setsockopt(IP_TOS) on " << conn << ": " << xstrerror());
return x;
diff -u -r -N squid-3.3.0.2/src/ip/QosConfig.cc squid-3.3.0.3/src/ip/QosConfig.cc
--- squid-3.3.0.2/src/ip/QosConfig.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/ip/QosConfig.cc 2013-01-09 14:09:06.000000000 +1300
@@ -184,22 +184,14 @@
Ip::Qos::Config Ip::Qos::TheConfig;
-Ip::Qos::Config::Config()
+Ip::Qos::Config::Config() : tosLocalHit(0), tosSiblingHit(0), tosParentHit(0),
+ tosMiss(0), tosMissMask(0), preserveMissTos(false),
+ preserveMissTosMask(0xFF), markLocalHit(0), markSiblingHit(0),
+ markParentHit(0), markMiss(0), markMissMask(0),
+ preserveMissMark(false), preserveMissMarkMask(0xFFFFFFFF),
+ tosToServer(NULL), tosToClient(NULL), nfmarkToServer(NULL),
+ nfmarkToClient(NULL)
{
- tosLocalHit = 0;
- tosSiblingHit = 0;
- tosParentHit = 0;
- tosMiss = 0;
- tosMissMask = 0;
- preserveMissTos = false;
- preserveMissTosMask = 0xFF;
- markLocalHit = 0;
- markSiblingHit = 0;
- markParentHit = 0;
- markMiss = 0;
- markMissMask = 0;
- preserveMissMark = false;
- preserveMissMarkMask = 0xFFFFFFFF;
}
void
diff -u -r -N squid-3.3.0.2/src/ipc/Kid.cc squid-3.3.0.3/src/ipc/Kid.cc
--- squid-3.3.0.2/src/ipc/Kid.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/ipc/Kid.cc 2013-01-09 14:09:06.000000000 +1300
@@ -17,7 +17,8 @@
badFailures(0),
pid(-1),
startTime(0),
- isRunning(false)
+ isRunning(false),
+ status(0)
{
}
@@ -26,7 +27,8 @@
badFailures(0),
pid(-1),
startTime(0),
- isRunning(false)
+ isRunning(false),
+ status(0)
{
}
diff -u -r -N squid-3.3.0.2/src/MemObject.cc squid-3.3.0.3/src/MemObject.cc
--- squid-3.3.0.2/src/MemObject.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/MemObject.cc 2013-01-09 14:09:06.000000000 +1300
@@ -182,7 +182,7 @@
debugs(20, DBG_IMPORTANT, "MemObject->nclients: " << nclients);
debugs(20, DBG_IMPORTANT, "MemObject->reply: " << _reply);
debugs(20, DBG_IMPORTANT, "MemObject->request: " << request);
- debugs(20, DBG_IMPORTANT, "MemObject->log_url: " << log_url << " " << checkNullString(log_url));
+ debugs(20, DBG_IMPORTANT, "MemObject->log_url: " << checkNullString(log_url));
}
HttpReply const *
diff -u -r -N squid-3.3.0.2/src/neighbors.cc squid-3.3.0.3/src/neighbors.cc
--- squid-3.3.0.2/src/neighbors.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/neighbors.cc 2013-01-09 14:09:06.000000000 +1300
@@ -74,7 +74,7 @@
static void neighborRemove(CachePeer *);
static void neighborAlive(CachePeer *, const MemObject *, const icp_common_t *);
#if USE_HTCP
-static void neighborAliveHtcp(CachePeer *, const MemObject *, const htcpReplyData *);
+static void neighborAliveHtcp(CachePeer *, const MemObject *, const HtcpReplyData *);
#endif
static void neighborCountIgnored(CachePeer *);
static void peerRefreshDNS(void *);
@@ -893,7 +893,7 @@
#if USE_HTCP
static void
-neighborAliveHtcp(CachePeer * p, const MemObject * mem, const htcpReplyData * htcp)
+neighborAliveHtcp(CachePeer * p, const MemObject * mem, const HtcpReplyData * htcp)
{
peerAlive(p);
++ p->stats.pings_acked;
@@ -1689,7 +1689,7 @@
#if USE_HTCP
void
-neighborsHtcpReply(const cache_key * key, htcpReplyData * htcp, const Ip::Address &from)
+neighborsHtcpReply(const cache_key * key, HtcpReplyData * htcp, const Ip::Address &from)
{
StoreEntry *e = Store::Root().get(key);
MemObject *mem = NULL;
diff -u -r -N squid-3.3.0.2/src/Parsing.cc squid-3.3.0.3/src/Parsing.cc
--- squid-3.3.0.2/src/Parsing.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/Parsing.cc 2013-01-09 14:09:06.000000000 +1300
@@ -84,7 +84,7 @@
GetInteger64(void)
{
char *token = strtok(NULL, w_space);
- int i;
+ int64_t i;
if (token == NULL)
self_destruct();
diff -u -r -N squid-3.3.0.2/src/peer_proxy_negotiate_auth.cc squid-3.3.0.3/src/peer_proxy_negotiate_auth.cc
--- squid-3.3.0.2/src/peer_proxy_negotiate_auth.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/peer_proxy_negotiate_auth.cc 2013-01-09 14:09:06.000000000 +1300
@@ -331,8 +331,7 @@
p = strchr(buf, ':');
if (p)
++p;
- if (keytab_filename)
- xfree(keytab_filename);
+ xfree(keytab_filename);
keytab_filename = xstrdup(p ? p : buf);
} else {
keytab_filename = xstrdup(kf);
@@ -425,6 +424,10 @@
mem_cache =
(char *) xmalloc(strlen("FILE:/tmp/peer_proxy_negotiate_auth_")
+ 16);
+ if (!mem_cache) {
+ debugs(11, 5, "Error while allocating memory");
+ return(1);
+ }
snprintf(mem_cache,
strlen("FILE:/tmp/peer_proxy_negotiate_auth_") + 16,
"FILE:/tmp/peer_proxy_negotiate_auth_%d", (int) getpid());
@@ -432,6 +435,10 @@
mem_cache =
(char *) xmalloc(strlen("MEMORY:peer_proxy_negotiate_auth_") +
16);
+ if (!mem_cache) {
+ debugs(11, 5, "Error while allocating memory");
+ return(1);
+ }
snprintf(mem_cache,
strlen("MEMORY:peer_proxy_negotiate_auth_") + 16,
"MEMORY:peer_proxy_negotiate_auth_%d", (int) getpid());
@@ -439,8 +446,7 @@
setenv("KRB5CCNAME", mem_cache, 1);
code = krb5_cc_resolve(kparam.context, mem_cache, &kparam.cc);
- if (mem_cache)
- xfree(mem_cache);
+ xfree(mem_cache);
if (code) {
debugs(11, 5,
HERE << "Error while resolving memory credential cache : "
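Review bot: The name handed to `setenv("KRB5CCNAME", ...)` and `krb5_cc_resolve()` is, in the `FILE:` variant built in `@@ -425,6`, a pid-derived path under /tmp, which is predictable in a world-writable directory; the patch tidies the allocation around it but leaves the location as is. A cache under a directory owned by the proxy user, or the `MEMORY:` form where the Kerberos library supports it, would not depend on how the library creates that file. The result of `setenv()` is also unchecked, so a failure there leaves the process with whatever `KRB5CCNAME` it inherited. In the two earlier hunks the size `strlen(...) + 16` is written out twice per branch; one `const size_t` local would keep xmalloc and snprintf in step.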
diff -u -r -N squid-3.3.0.2/src/peer_select.cc squid-3.3.0.3/src/peer_select.cc
--- squid-3.3.0.2/src/peer_select.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/peer_select.cc 2013-01-09 14:09:06.000000000 +1300
@@ -72,8 +72,8 @@
static void peerSelectStateFree(ps_state * psstate);
static void peerIcpParentMiss(CachePeer *, icp_common_t *, ps_state *);
#if USE_HTCP
-static void peerHtcpParentMiss(CachePeer *, htcpReplyData *, ps_state *);
-static void peerHandleHtcpReply(CachePeer *, peer_t, htcpReplyData *, void *);
+static void peerHtcpParentMiss(CachePeer *, HtcpReplyData *, ps_state *);
+static void peerHandleHtcpReply(CachePeer *, peer_t, HtcpReplyData *, void *);
#endif
static int peerCheckNetdbDirect(ps_state * psstate);
static void peerGetSomeNeighbor(ps_state *);
@@ -836,7 +836,7 @@
#if USE_HTCP
static void
-peerHandleHtcpReply(CachePeer * p, peer_t type, htcpReplyData * htcp, void *data)
+peerHandleHtcpReply(CachePeer * p, peer_t type, HtcpReplyData * htcp, void *data)
{
ps_state *psstate = (ps_state *)data;
debugs(44, 3, "peerHandleHtcpReply: " <<
@@ -861,7 +861,7 @@
}
static void
-peerHtcpParentMiss(CachePeer * p, htcpReplyData * htcp, ps_state * ps)
+peerHtcpParentMiss(CachePeer * p, HtcpReplyData * htcp, ps_state * ps)
{
int rtt;
@@ -910,7 +910,7 @@
#if USE_HTCP
else if (proto == AnyP::PROTO_HTCP)
- peerHandleHtcpReply(p, type, (htcpReplyData *)pingdata, data);
+ peerHandleHtcpReply(p, type, (HtcpReplyData *)pingdata, data);
#endif
diff -u -r -N squid-3.3.0.2/src/ssl/helper.cc squid-3.3.0.3/src/ssl/helper.cc
--- squid-3.3.0.2/src/ssl/helper.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/ssl/helper.cc 2013-01-09 14:09:06.000000000 +1300
@@ -14,7 +14,7 @@
return &sslHelper;
}
-Ssl::Helper::Helper()
+Ssl::Helper::Helper() : ssl_crtd(NULL)
{
}
diff -u -r -N squid-3.3.0.2/src/store_dir.cc squid-3.3.0.3/src/store_dir.cc
--- squid-3.3.0.2/src/store_dir.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/store_dir.cc 2013-01-09 14:09:06.000000000 +1300
@@ -913,6 +913,10 @@
void
StoreHashIndex::create()
{
+ if (Config.cacheSwap.n_configured == 0) {
+ debugs(0, DBG_PARSE_NOTE(DBG_CRITICAL), "No cache_dir stores are configured.");
+ }
+
for (int i = 0; i < Config.cacheSwap.n_configured; ++i) {
if (dir(i).active())
store(i)->create();
diff -u -r -N squid-3.3.0.2/src/tests/stub_MemObject.cc squid-3.3.0.3/src/tests/stub_MemObject.cc
--- squid-3.3.0.2/src/tests/stub_MemObject.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/tests/stub_MemObject.cc 2013-01-09 14:09:06.000000000 +1300
@@ -21,7 +21,25 @@
void MemObject::trimSwappable() STUB
void MemObject::trimUnSwappable() STUB
int64_t MemObject::policyLowestOffsetToKeep(bool swap) const STUB_RETVAL(-1)
-MemObject::MemObject(char const *, char const *) {} // NOP due to Store
+MemObject::MemObject(char const *, char const *) :
+ url(NULL),
+ inmem_lo(0),
+ nclients(0),
+ request(NULL),
+ ping_reply_callback(NULL),
+ ircb_data(NULL),
+ log_url(NULL),
+ id(0),
+ object_sz(-1),
+ swap_hdr_sz(0),
+ vary_headers(NULL),
+ _reply(NULL)
+{
+ memset(&clients, 0, sizeof(clients));
+ memset(&start_ping, 0, sizeof(start_ping));
+ memset(&abort, 0, sizeof(abort));
+} // NOP instead of elided due to Store
+
HttpReply const * MemObject::getReply() const
{
// XXX: required by testStore
diff -u -r -N squid-3.3.0.2/src/tests/testConfigParser.cc squid-3.3.0.3/src/tests/testConfigParser.cc
--- squid-3.3.0.2/src/tests/testConfigParser.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/tests/testConfigParser.cc 2013-01-09 14:09:06.000000000 +1300
@@ -30,8 +30,10 @@
fprintf(stderr, "Invalid config line: %s\n", s);
return false;
}
+
// Keep the initial value on cfgparam. The ConfigParser methods will write on cfgline
- strcpy(cfgparam, tmp+1);
+ strncpy(cfgparam, tmp+1, sizeof(cfgparam)-1);
+ cfgparam[sizeof(cfgparam)-1] = '\0';
// Initialize parser to point to the start of quoted string
strtok(cfgline, w_space);
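Review bot: `sizeof(cfgparam)-1` bounds the copy only if `cfgparam` is an array in this scope; its declaration is outside the hunk, and if it is a pointer the bound becomes the pointer size. The strncpy-plus-terminator pair also truncates silently, so an over-long test line would be parsed as a shorter parameter without the test noticing. `snprintf(cfgparam, sizeof(cfgparam), "%s", tmp+1)` with a check of the return value against `sizeof(cfgparam)` does the copy and reports truncation in one step.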
diff -u -r -N squid-3.3.0.2/src/tests/test_http_range.cc squid-3.3.0.3/src/tests/test_http_range.cc
--- squid-3.3.0.2/src/tests/test_http_range.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/tests/test_http_range.cc 2013-01-09 14:09:06.000000000 +1300
@@ -187,17 +187,25 @@
}
int
-main (int argc, char **argv)
+main(int argc, char **argv)
{
- Mem::Init();
- /* enable for debugging to console */
- // _db_init (NULL, NULL);
- // Debug::Levels[64] = 9;
- testRangeParser ("bytes=0-3");
- testRangeParser ("bytes=-3");
- testRangeParser ("bytes=1-");
- testRangeParser ("bytes=0-3, 1-, -2");
- testRangeIter ();
- testRangeCanonization();
+ try {
+ Mem::Init();
+ /* enable for debugging to console */
+ // _db_init (NULL, NULL);
+ // Debug::Levels[64] = 9;
+ testRangeParser("bytes=0-3");
+ testRangeParser("bytes=-3");
+ testRangeParser("bytes=1-");
+ testRangeParser("bytes=0-3, 1-, -2");
+ testRangeIter();
+ testRangeCanonization();
+ } catch (const std::exception &e) {
+ printf("Error: dying from an unhandled exception: %s\n", e.what());
+ return 1;
+ } catch (...) {
+ printf("Error: dying from an unhandled exception.\n");
+ return 1;
+ }
return 0;
}
diff -u -r -N squid-3.3.0.2/src/tests/testHttpReply.cc squid-3.3.0.3/src/tests/testHttpReply.cc
--- squid-3.3.0.2/src/tests/testHttpReply.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/tests/testHttpReply.cc 2013-01-09 14:09:06.000000000 +1300
@@ -88,7 +88,7 @@
#endif
// valid ICY protocol status line
- input.append("ICY 200 Okay\n\n", 18);
+ input.append("ICY 200 Okay\n\n", 14);
hdr_len = headersEnd(input.content(),input.contentSize());
CPPUNIT_ASSERT( engine.sanityCheckStartLine(&input, hdr_len, &error) );
CPPUNIT_ASSERT_EQUAL(error, HTTP_STATUS_NONE);
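Review bot: The corrected length `14` is still a hand-counted literal next to the string it measures, which is how the previous value `18` came to read past the end of the literal. Deriving it from the string keeps the two together: `static const char icy[] = "ICY 200 Okay\n\n";` followed by `input.append(icy, sizeof(icy) - 1);`. Other `input.append` calls in this test (outside the hunk) may deserve the same treatment.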
diff -u -r -N squid-3.3.0.2/src/tests/testHttpRequest.cc squid-3.3.0.3/src/tests/testHttpRequest.cc
--- squid-3.3.0.2/src/tests/testHttpRequest.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/tests/testHttpRequest.cc 2013-01-09 14:09:06.000000000 +1300
@@ -57,6 +57,7 @@
CPPUNIT_ASSERT_EQUAL(String("/bar"), aRequest->urlpath);
CPPUNIT_ASSERT_EQUAL(AnyP::PROTO_HTTP, aRequest->protocol);
CPPUNIT_ASSERT_EQUAL(String("http://foo/bar"), String(url));
+ xfree(url);
/* a connect url with non-CONNECT data */
url = xstrdup(":foo/bar");
diff -u -r -N squid-3.3.0.2/src/wccp2.cc squid-3.3.0.3/src/wccp2.cc
--- squid-3.3.0.2/src/wccp2.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/src/wccp2.cc 2013-01-09 14:09:06.000000000 +1300
@@ -584,6 +584,7 @@
/* The password field, for the MD5 hash, needs to be 8 bytes and NUL padded. */
memset(pwd, 0, sizeof(pwd));
strncpy(pwd, password, sizeof(pwd));
+ pwd[sizeof(pwd) - 1] = '\0';
ws = (struct wccp2_security_md5_t *) ptr;
assert(ntohs(ws->security_type) == WCCP2_SECURITY_INFO);
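Review bot: Forcing `pwd[sizeof(pwd) - 1] = '\0'` is only harmless if `pwd` is declared one byte larger than the 8-byte field the comment describes; the declaration is outside the hunk. If `pwd` is exactly 8 bytes, an 8-character password now loses its last character before hashing, which changes the MD5 and would break authentication against a peer configured with the full password. It is worth confirming the array size and stating the hashed length next to the copy, e.g. `/* pwd is 8 bytes + NUL; only the first 8 are hashed */` if that is the case. The same line is added in `@@ -651,6`.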
@@ -651,6 +652,7 @@
/* The password field, for the MD5 hash, needs to be 8 bytes and NUL padded. */
memset(pwd, 0, sizeof(pwd));
strncpy(pwd, srv->wccp_password, sizeof(pwd));
+ pwd[sizeof(pwd) - 1] = '\0';
/* Take a copy of the challenge: we need to NUL it before comparing */
memcpy(md5_challenge, ws->security_implementation, 16);
diff -u -r -N squid-3.3.0.2/tools/cachemgr.cc squid-3.3.0.3/tools/cachemgr.cc
--- squid-3.3.0.2/tools/cachemgr.cc 2012-12-02 21:30:11.000000000 +1300
+++ squid-3.3.0.3/tools/cachemgr.cc 2013-01-09 14:09:06.000000000 +1300
@@ -978,10 +978,10 @@
// limit the input to something reasonable.
// 4KB should be enough for the GET/POST data length, but may be extended.
- size_t bufLen = (len >= 4096 ? len : 4095);
+ size_t bufLen = (len < 4096 ? len : 4095);
char *buf = (char *)xmalloc(bufLen + 1);
- size_t readLen = fread(buf, bufLen, 1, stdin);
+ size_t readLen = fread(buf, 1, bufLen, stdin);
if (readLen == 0) {
xfree(buf);
return NULL;
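Review bot: The purge loop in the following hunk (`@@ -990,9`) requests 65535 bytes on every pass regardless of how much of `len` remains, so `len -= readLen` can step past zero, wrapping if `len` is unsigned (its declaration is outside both hunks). Capping each read keeps the accounting exact and stops the CGI from consuming input beyond the declared body: `readLen = fread(temp, 1, (len < sizeof(temp) ? len : sizeof(temp)), stdin);`. In this hunk, `readLen == 0` treats a read error and an empty body alike; a `ferror(stdin)` check would separate the two if the caller needs to. Whether `buf` is terminated at `readLen` rather than `bufLen` is decided in lines between the two hunks and is worth confirming.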
@@ -990,9 +990,9 @@
len -= readLen;
// purge the remainder of the request entity
- while (len > 0) {
+ while (len > 0 && readLen) {
char temp[65535];
- readLen = fread(temp, 65535, 1, stdin);
+ readLen = fread(temp, 1, 65535, stdin);
len -= readLen;
}