Re: squid seg faults on bogusly large URLs

On Aug 28, 10:29, Ira Abramov wrote:
> Subject: Re: squid seg faults on bogusly large URLs
> On Wed, 28 Aug 1996, Adrian Havill wrote:
>
> > Our Squid 1.0.10 dies (Seg faults) whenever it receives a "URL that
> > is too large."
> >

>
> chat CGIs have no reason to be cached either, does it help when you
cancel
> the caching of the specific site?
>
Not unless you do that in a Netscape auto-config file. The problem is in
the parsing of the URL before any decision about caching is made (well,
actually within the code that writes the error message!).

Duane sent me a temporary fix for this problem tonight. I'm appending his
message below.
>
>-- End of excerpt from Ira Abramov

Regards,

Andreas

-- 
Andreas Strotmann       / ~~~~~~ \________________A.Strotmann@Uni-Koeln.DE
Universitaet zu Koeln  /| University of Cologne   \
Regionales Rechenzentrum| Regional Computer Center \
Robert-Koch-Str. 10    /|    Tel: +49-221-478-5524 |\   Home: -221-4200663
D-50931  Koeln        __|__  FAX: +49-221-478-5590 |__________~~~~~~~~~~~~   

attached mail follows:

Strotmann@rrz.uni-koeln.de writes:

>Hi,
>
>today my squid (version 1.0.7) died after issuing the following in
>cache.log (the core dump is useless):
>
>[27/Aug/1996:15:15:37 +0200] url.c:201: urlParse: URL too large (6571
>bytes)
>[27/Aug/1996:15:15:37 +0200] comm.c:699: comm_select: select
>failure: (89) Operation not applicable
>[27/Aug/1996:15:15:37 +0200] comm.c:1018: examine_select: Examining
>open file descriptors...
>[27/Aug/1996:15:15:37 +0200] comm.c:1031: WARNING: FD 4 has
>handlers, but it's invalid.
>[27/Aug/1996:15:15:37 +0200] comm.c:1032: FD 4 is a Unknown
>[27/Aug/1996:15:15:37 +0200] comm.c:1033: -->
>ais%2Fdata%2F.wais%2FopacRRZK.SF%3B6%3D927637%2520927901%2520%2Fvol%2Finfo%2Fw
ais
>%2Fdata%2F.wais-data%2FopacRRZK.SF.txt%3B7%3D%2500%3B%7C2492%7C11%7CBrinch%252
0Hansen%252c%2520Per%3A%2520%2520%2520%2520%25201977%252
>0%2520%2520%2520Betriebssysteme%7CHTML</A>
><P>
>The following error was encountered:
><UL>
><LI><STRONG>Invalid URL syntax</STRONG>
></UL>
>
>[27/Aug/1996:15:15:37 +0200] comm.c:1034: lifetm:6c253246
>tmout:6f63616c read:466f7061 write:4b2e5346 expt:25334234
>FATAL: Received bus error...dying.
>[27/Aug/1996:15:15:37 +0200] store.c:2800: storeWriteCleanLog:
>Starting...
>
>Looks like some buffer or other overflowed...

Yep, I think it trashes buffers in squid_error_url(). This should
cure it.

Index: src/url.c
===================================================================
RCS file: /surf1/CVS/squid/src/url.c,v
retrieving revision 1.29
diff -w -u -r1.29 url.c
--- url.c 1996/08/12 23:37:25 1.29
+++ url.c 1996/08/27 16:06:38
@@ -197,10 +197,13 @@
     char *t = NULL;
     int port;
     protocol_t protocol = PROTO_NONE;
+ int l;
     proto[0] = host[0] = urlpath[0] = login[0] = '\0';
 
- if (strlen(url) > MAX_URL) {
- debug(23, 0, "urlParse: URL too large (%d bytes)\n", strlen(url));
+ if ((l = strlen(url)) > MAX_URL) {
+ /* terminate so it doesn't overflow other buffers */
+ *(url + (MAX_URL >> 1)) = '\0';
+ debug(23, 0, "urlParse: URL too large (%d bytes)\n", l);
        return NULL;
     }
     if (method == METHOD_CONNECT) {

Duane W.
Received on Wed Aug 28 1996 - 01:42:42 MDT