[PATCH] Better helper-to-Squid buffer size management. from Alex Rousskov on 2012-02-28 (squid-dev)

From: Alex Rousskov <rousskov_at_measurement-factory.com>
Date: Tue, 28 Feb 2012 17:00:21 -0700

Hello,

This version of the patch is meant to address all previously raised
concerns (see the "Increase helper-to-Squid buffer size and warn on
overflows" thread):

* Minimum helper buffer size reduced from 8KB to 4KB.
* Squid will grow the buffer if needed.
* Squid will warn and kill helper if more than 32KB are needed.

BTW, I now know what SSL certificate caused buffer overflow which
triggered this change. Google decided to stuff all(?) TLDs in the world
in the Alternative Names field of one of its certificate:

X509v3 Subject Alternative Name: DNS:google.com, DNS:*.google.com,
DNS:*.google.ac, DNS:*.google.ad, DNS:*.google.ae, DNS:*.google.af,
DNS:*.google.ag, DNS:*.google.am, DNS:*.google.as, DNS:*.google.at,
DNS:*.google.az, ... DNS:google.vg, DNS:google.vu, DNS:google.ws

Today's certificate has fewer alternative names so I speculate Squid
certificate mimicking project was not the only software having problems!

Cheers,

Alex.

text/x-diff attachment: helper-zero-read-t4.patch

Received on Wed Feb 29 2012 - 00:00:39 MST

This archive was generated by hypermail 2.2.0 : Wed Feb 29 2012 - 12:00:12 MST