Hi Henrik,
At 12.40 24/08/2006, Guido Serassio wrote:
>Hi Henrik,
>
>Just found how to crash Squid 2.6 (latest CVS) ... :-(
>
>- Enable authenticated only access
>- Add to ERR_INVALID_REQ error file "User: %a<P>"
>- reload error messages
>
>squidclient -m GETTT http://www.cisco.com
>
>Squid crashes into errorpage.c when evaluating %a because
>err-)request is NULL.
>
>I'm suspecting that the same could happen with ERR_INVALID_URL, see
>client_side.c line 3931.
ERR_INVALID_URL crash also confirmed.
This fixes the crash:
Index: src/errorpage.c
===================================================================
RCS file: /cvsroot/squid/squid/src/errorpage.c,v
retrieving revision 1.27.2.4
diff -u -p -r1.27.2.4 errorpage.c
--- src/errorpage.c 5 Jul 2006 16:08:46 -0000 1.27.2.4
+++ src/errorpage.c 24 Aug 2006 11:25:02 -0000
@@ -452,8 +452,10 @@ errorConvert(char token, ErrorState * er
memBufReset(&mb);
switch (token) {
case 'a':
- if (r->auth_user_request)
- p = authenticateUserRequestUsername(r->auth_user_request);
+ if (r) {
+ if (r->auth_user_request)
+ p = authenticateUserRequestUsername(r->auth_user_request);
+ }
if (!p)
p = "-";
break;
It's enough ?
Regards
Guido
-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1 10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135 Fax. : +39.011.9781115
Email: guido.serassio@acmeconsulting.it
WWW: http://www.acmeconsulting.it/
Received on Thu Aug 24 2006 - 05:27:28 MDT
This archive was generated by hypermail pre-2.1.9 : Fri Sep 01 2006 - 12:00:03 MDT