On Thu, 2006-08-24 at 13:27 +0200, Guido Serassio wrote:
> Hi Henrik,
>
> At 12.40 24/08/2006, Guido Serassio wrote:
>
> >Hi Henrik,
> >
> >Just found how to crash Squid 2.6 (latest CVS) ... :-(
> >
> >- Enable authenticated only access
> >- Add to ERR_INVALID_REQ error file "User: %a<P>"
> >- reload error messages
> >
> >squidclient -m GETTT http://www.cisco.com
> >
> >Squid crashes into errorpage.c when evaluating %a because
> >err-)request is NULL.
> >
> >I'm suspecting that the same could happen with ERR_INVALID_URL, see
> >client_side.c line 3931.
>
> ERR_INVALID_URL crash also confirmed.
>
> This fixes the crash:
>
> Index: src/errorpage.c
> ===================================================================
> RCS file: /cvsroot/squid/squid/src/errorpage.c,v
> retrieving revision 1.27.2.4
> diff -u -p -r1.27.2.4 errorpage.c
> --- src/errorpage.c 5 Jul 2006 16:08:46 -0000 1.27.2.4
> +++ src/errorpage.c 24 Aug 2006 11:25:02 -0000
> @@ -452,8 +452,10 @@ errorConvert(char token, ErrorState * er
> memBufReset(&mb);
> switch (token) {
> case 'a':
> - if (r->auth_user_request)
> - p = authenticateUserRequestUsername(r->auth_user_request);
> + if (r) {
> + if (r->auth_user_request)
> + p = authenticateUserRequestUsername(r->auth_user_request);
> + }
> if (!p)
> p = "-";
> break;
>
> It's enough ?
I would do it as 'if (r && r->auth_user_request)' ...
Whats strange is that we're seeing error pages with no requests.
client_side is setup to create an empty request if there is no fully
parsed one for error construction.
Rob
-- GPG key available at: <http://www.robertcollins.net/keys.txt>.
This archive was generated by hypermail pre-2.1.9 : Fri Sep 01 2006 - 12:00:03 MDT