Changeset 5503 for squid-ssl/trunk/fuentes

Timestamp:

Jul 13, 2017, 11:11:39 AM (4 years ago)

Author:

Juanma

Message:

Initial release

Location:

squid-ssl/trunk/fuentes

Files:

• .pc (deleted)
• debian/patches/01-cf.data.debian.patch (modified) (5 diffs)
• debian/patches/CVE-2016-10003.patch (modified) (1 diff)
• src/LogTags.h (modified) (2 diffs)
• src/Makefile.am (modified) (1 diff)
• src/Makefile.in (modified) (1 diff)
• src/cf.data.pre (modified) (7 diffs)
• src/client_side.cc (modified) (2 diffs)
• src/client_side_reply.h (modified) (1 diff)
• src/client_side_request.cc (modified) (1 diff)
• src/esi/Context.h (modified) (2 diffs)
• src/esi/Esi.cc (modified) (9 diffs)
• src/icmp/Icmp6.cc (modified) (3 diffs)
• src/mime_header.cc (modified) (1 diff)
• src/tests/stub_cbdata.cc (modified) (1 diff)
• src/tests/stub_mem.cc (modified) (1 diff)
• tools/Makefile.am (modified) (3 diffs)
• tools/cachemgr.cc (modified) (8 diffs)

squid-ssl/trunk/fuentes/debian/patches/01-cf.data.debian.patch

@@ -3 +3 @@
 --- a/src/cf.data.pre
 +++ b/src/cf.data.pre
-@@ -1155,11 +1155,11 @@ NOCOMMENT_START
+@@ -1206,11 +1206,11 @@
  # Example rule allowing access from your local networks.
  # Adapt to list your (internal) IP networks from where browsing
@@ -20 +20 @@
  acl SSL_ports port 443
  acl Safe_ports port 80         # http
-@@ -1408,7 +1408,7 @@ http_access deny manager
+@@ -1459,7 +1459,7 @@
  # Example rule allowing access from your local networks.
  # Adapt localnet in the ACL section to list your (internal) IP networks
@@ -29 +29 @@
  
  # And finally deny all other access to this proxy
-@@ -4431,7 +4431,7 @@ DOC_END
+@@ -4533,7 +4533,7 @@
  
  NAME: logfile_rotate
@@ -38 +38 @@
  DOC_START
         Specifies the number of logfile rotations to make when you
-@@ -4450,6 +4450,9 @@ DOC_START
+@@ -4552,6 +4552,9 @@
  
         Note, from Squid-3.1 this option is only a default for cache.log,
@@ -48 +48 @@
  
  NAME: mime_table
-@@ -8794,8 +8797,8 @@ DOC_START
+@@ -8896,8 +8899,8 @@
  
         WARNING:

squid-ssl/trunk/fuentes/debian/patches/CVE-2016-10003.patch

@@ -5 +5 @@
 --- a/src/client_side_reply.cc
 +++ b/src/client_side_reply.cc
-@@ -545,7 +545,6 @@
-         debugs(88, 5, "negative-HIT");
-         http->logType = LOG_TCP_NEGATIVE_HIT;
-         sendMoreData(result);
--        return;
-     } else if (blockedHit()) {
-         debugs(88, 5, "send_hit forces a MISS");
-         http->logType = LOG_TCP_MISS;
-@@ -597,29 +596,27 @@
-             http->logType = LOG_TCP_MISS;
-             processMiss();
-         }
--        return;
-     } else if (r->conditional()) {
-         debugs(88, 5, "conditional HIT");
--        if (processConditional(result))
--            return;
--    }
--
--    /*
--     * plain ol' cache hit
--     */
--    debugs(88, 5, "plain old HIT");
-+        processConditional(result);
-+    } else {
-+        /*
-+         * plain ol' cache hit
-+         */
-+        debugs(88, 5, "plain old HIT");
- 
- #if USE_DELAY_POOLS
--    if (e->store_status != STORE_OK)
--        http->logType = LOG_TCP_MISS;
--    else
-+        if (e->store_status != STORE_OK)
-+            http->logType = LOG_TCP_MISS;
-+        else
- #endif
--        if (e->mem_status == IN_MEMORY)
--            http->logType = LOG_TCP_MEM_HIT;
--        else if (Config.onoff.offline)
--            http->logType = LOG_TCP_OFFLINE_HIT;
-+            if (e->mem_status == IN_MEMORY)
-+                http->logType = LOG_TCP_MEM_HIT;
-+            else if (Config.onoff.offline)
-+                http->logType = LOG_TCP_OFFLINE_HIT;
- 
--    sendMoreData(result);
-+        sendMoreData(result);
-+    }
- }
- 
- /**
-@@ -713,16 +710,17 @@
- }
- 
- /// process conditional request from client
--bool
-+void
- clientReplyContext::processConditional(StoreIOBuffer &result)
- {
-     StoreEntry *const e = http->storeEntry();
- 
-     if (e->getReply()->sline.status() != Http::scOkay) {
--        debugs(88, 4, "Reply code " << e->getReply()->sline.status() << " != 200");
-+        debugs(88, 4, "clientReplyContext::processConditional: Reply code " <<
-+               e->getReply()->sline.status() << " != 200");
-         http->logType = LOG_TCP_MISS;
-         processMiss();
--        return true;
-+        return;
+@@ -474,6 +474,16 @@
+         return;
      }
  
-     HttpRequest &r = *http->request;
-@@ -730,39 +728,51 @@
-     if (r.header.has(HDR_IF_MATCH) && !e->hasIfMatchEtag(r)) {
-         // RFC 2616: reply with 412 Precondition Failed if If-Match did not match
-         sendPreconditionFailedError();
--        return true;
++    // The previously identified hit suddenly became unsharable!
++    // This is common for collapsed forwarding slaves but might also
++    // happen to regular hits because we are called asynchronously.
++    if (EBIT_TEST(e->flags, KEY_PRIVATE)) {
++        debugs(88, 3, "unsharable " << *e << ". MISS");
++        http->logType = LOG_TCP_MISS;
++        processMiss();
 +        return;
-     }
- 
-+    bool matchedIfNoneMatch = false;
-     if (r.header.has(HDR_IF_NONE_MATCH)) {
--        // RFC 7232: If-None-Match recipient MUST ignore IMS
--        r.flags.ims = false;
--        r.ims = -1;
--        r.imslen = 0;
--        r.header.delById(HDR_IF_MODIFIED_SINCE);
-+        if (!e->hasIfNoneMatchEtag(r)) {
-+            // RFC 2616: ignore IMS if If-None-Match did not match
-+            r.flags.ims = false;
-+            r.ims = -1;
-+            r.imslen = 0;
-+            r.header.delById(HDR_IF_MODIFIED_SINCE);
-+            http->logType = LOG_TCP_MISS;
-+            sendMoreData(result);
-+            return;
-+        }
- 
--        if (e->hasIfNoneMatchEtag(r)) {
-+        if (!r.flags.ims) {
-+            // RFC 2616: if If-None-Match matched and there is no IMS,
-+            // reply with 304 Not Modified or 412 Precondition Failed
-             sendNotModifiedOrPreconditionFailedError();
--            return true;
-+            return;
-         }
- 
--        // None-Match is true (no ETag matched); treat as an unconditional hit
--        return false;
-+        // otherwise check IMS below to decide if we reply with 304 or 412
-+        matchedIfNoneMatch = true;
-     }
- 
-     if (r.flags.ims) {
-         // handle If-Modified-Since requests from the client
-         if (e->modifiedSince(&r)) {
--            // Modified-Since is true; treat as an unconditional hit
--            return false;
-+            http->logType = LOG_TCP_IMS_HIT;
-+            sendMoreData(result);
-+            return;
-+        }
- 
--        } else {
--            // otherwise reply with 304 Not Modified
--            sendNotModified();
-+        if (matchedIfNoneMatch) {
-+            // If-None-Match matched, reply with 304 Not Modified or
-+            // 412 Precondition Failed
-+            sendNotModifiedOrPreconditionFailedError();
-+            return;
-         }
--        return true;
--    }
- 
--    return false;
-+        // otherwise reply with 304 Not Modified
-+        sendNotModified();
 +    }
- }
- 
- /// whether squid.conf send_hit prevents us from serving this hit
-@@ -1909,12 +1919,7 @@
-     StoreEntry *e = http->storeEntry();
-     const time_t timestamp = e->timestamp;
-     HttpReply *const temprep = e->getReply()->make304();
--    // log as TCP_INM_HIT if code 304 generated for
--    // If-None-Match request
--    if (!http->request->flags.ims)
--        http->logType = LOG_TCP_INM_HIT;
--    else
--        http->logType = LOG_TCP_IMS_HIT;
-+    http->logType = LOG_TCP_IMS_HIT;
-     removeClientStoreReference(&sc, http);
-     createStoreEntry(http->request->method, RequestFlags());
-     e = http->storeEntry();
++
+     if (result.length == 0) {
+         debugs(88, 5, "store IO buffer has no content. MISS");
+         /* the store couldn't get enough data from the file for us to id the

squid-ssl/trunk/fuentes/src/LogTags.h

@@ -28 +28 @@
     LOG_TCP_CLIENT_REFRESH_MISS,
     LOG_TCP_IMS_HIT,
-    LOG_TCP_INM_HIT,
     LOG_TCP_SWAPFAIL_MISS,
     LOG_TCP_NEGATIVE_HIT,
@@ -55 +54 @@
         (code == LOG_TCP_HIT) ||
         (code == LOG_TCP_IMS_HIT) ||
-        (code == LOG_TCP_INM_HIT) ||
         (code == LOG_TCP_REFRESH_FAIL_OLD) ||
         (code == LOG_TCP_REFRESH_UNMODIFIED) ||

squid-ssl/trunk/fuentes/src/Makefile.am

@@ -910 +910 @@
 DEFAULT_CONFIG_DIR      = $(sysconfdir)
 DEFAULT_CONFIG_FILE     = $(DEFAULT_CONFIG_DIR)/squid.conf
-DEFAULT_MIME_TABLE      = $(datadir)/mime.conf
+DEFAULT_MIME_TABLE      = $(DEFAULT_CONFIG_DIR)/mime.conf
 DEFAULT_SSL_CRTD        = $(libexecdir)/`echo ssl_crtd  | sed '$(transform);s/$$/$(EXEEXT)/'`
 DEFAULT_LOG_PREFIX      = $(DEFAULT_LOG_DIR)

squid-ssl/trunk/fuentes/src/Makefile.in

@@ -3258 +3258 @@
 DEFAULT_CONFIG_DIR = $(sysconfdir)
 DEFAULT_CONFIG_FILE = $(DEFAULT_CONFIG_DIR)/squid.conf
-DEFAULT_MIME_TABLE = $(datadir)/mime.conf
+DEFAULT_MIME_TABLE = $(DEFAULT_CONFIG_DIR)/mime.conf
 DEFAULT_SSL_CRTD = $(libexecdir)/`echo ssl_crtd  | sed '$(transform);s/$$/$(EXEEXT)/'`
 DEFAULT_LOG_PREFIX = $(DEFAULT_LOG_DIR)

squid-ssl/trunk/fuentes/src/cf.data.pre

@@ -1207 +1207 @@
 # Adapt to list your (internal) IP networks from where browsing
 # should be allowed
-#acl localnet src 10.0.0.0/8    # RFC1918 possible internal network
-#acl localnet src 172.16.0.0/12 # RFC1918 possible internal network
-#acl localnet src 192.168.0.0/16        # RFC1918 possible internal network
-#acl localnet src fc00::/7       # RFC 4193 local private network range
-#acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
+acl localnet src 10.0.0.0/8     # RFC1918 possible internal network
+acl localnet src 172.16.0.0/12  # RFC1918 possible internal network
+acl localnet src 192.168.0.0/16 # RFC1918 possible internal network
+acl localnet src fc00::/7       # RFC 4193 local private network range
+acl localnet src fe80::/10      # RFC 4291 link-local (directly plugged) machines
 
 acl SSL_ports port 443
@@ -1460 +1460 @@
 # Adapt localnet in the ACL section to list your (internal) IP networks
 # from where browsing should be allowed
-#http_access allow localnet
+http_access allow localnet
 http_access allow localhost
 
@@ -3211 +3211 @@
                         reference a combined file containing both the
                         certificate and the key.
-
-        Notes:
-        
-        On Debian/Ubuntu systems a default snakeoil certificate is
-    available in /etc/ssl and users can set:
-
-                cert=/etc/ssl/certs/ssl-cert-snakeoil.pem
-
-        and
-
-                key=/etc/ssl/private/ssl-cert-snakeoil.key
-
-        for testing.
         
         sslversion=1|2|3|4|5|6
@@ -4547 +4534 @@
 NAME: logfile_rotate
 TYPE: int
-DEFAULT: 0
+DEFAULT: 10
 LOC: Config.Log.rotateNumber
 DOC_START
@@ -4566 +4553 @@
         Note, from Squid-3.1 this option is only a default for cache.log,
         that log can be rotated separately by using debug_options.
-
-        Note2, for Debian/Linux the default of logfile_rotate is
-        zero, since it includes external logfile-rotation methods.
 DOC_END
 
@@ -5447 +5431 @@
 refresh_pattern ^gopher:        1440    0%      1440
 refresh_pattern -i (/cgi-bin/|\?) 0     0%      0
-refresh_pattern (Release|Packages(.gz)*)$      0       20%     2880
-# example lin deb packages
-#refresh_pattern (\.deb|\.udeb)$   129600 100% 129600
 refresh_pattern .               0       20%     4320
 NOCOMMENT_END
@@ -8916 +8897 @@
         WARNING:
           This option will restrict the situations under which IPv6
-          connectivity is used (and tested), potentially hiding network
-          problems which would otherwise be detected and warned about.
+          connectivity is used (and tested). Hiding network problems
+          which would otherwise be detected and warned about.
 DOC_END
 

squid-ssl/trunk/fuentes/src/client_side.cc

@@ -416 +416 @@
         break;
 
-    case LOG_TCP_INM_HIT:
     case LOG_TCP_IMS_HIT:
         statCounter.client_http.nearMissSvcTime.count(svc_time);
@@ -2662 +2661 @@
             return;
         }
-
-        // when absolute-URI is provided Host header should be ignored. However
-        // some code still uses Host directly so normalize it.
-        // For now preserve the case where Host is completely absent. That matters.
-        if (request->header.has(HDR_HOST)) {
-            const char *host = request->header.getStr(HDR_HOST);
-            SBuf authority(request->GetHost());
-            if (request->port != urlDefaultPort(request->url.getScheme()))
-                authority.appendf(":%d", request->port);
-            debugs(33, 5, "URL domain " << authority << " overrides header Host: " << host);
-            // URL authority overrides Host header
-            request->header.delById(HDR_HOST);
-            request->header.putStr(HDR_HOST, authority.c_str());
-        }
     }
 

squid-ssl/trunk/fuentes/src/client_side_reply.h

@@ -115 +115 @@
     int checkTransferDone();
     void processOnlyIfCachedMiss();
-    bool processConditional(StoreIOBuffer &result);
+    void processConditional(StoreIOBuffer &result);
     void cacheHit(StoreIOBuffer result);
     void handleIMSReply(StoreIOBuffer result);

squid-ssl/trunk/fuentes/src/client_side_request.cc

@@ -142 +142 @@
     al = new AccessLogEntry;
     al->cache.start_time = current_time;
-    if (aConn) {
-        al->tcpClient = clientConnection = aConn->clientConnection;
-        al->cache.port = aConn->port;
-        al->cache.caddr = aConn->log_addr;
+    al->tcpClient = clientConnection = aConn->clientConnection;
+    al->cache.port = aConn->port;
+    al->cache.caddr = aConn->log_addr;
 
 #if USE_OPENSSL
-        if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
-            if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
-                al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
-        }
-#endif
-    }
+    if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
+        if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
+            al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
+    }
+#endif
     dlinkAdd(this, &active, &ClientActiveRequests);
 #if USE_ADAPTATION

squid-ssl/trunk/fuentes/src/esi/Context.h

@@ -14 +14 @@
 #include "esi/Element.h"
 #include "esi/Parser.h"
-#include "HttpReply.h"
 #include "http/StatusCode.h"
 
@@ -93 +92 @@
     Http::StatusCode errorstatus; /* if we error, what code to return */
     char *errormessage; /* error to pass to error page */
-    HttpReply::Pointer rep; /* buffered until we pass data downstream */
+    HttpReply *rep; /* buffered until we pass data downstream */
     ESISegment::Pointer buffered; /* unprocessed data - for whatever reason */
     ESISegment::Pointer incoming;

squid-ssl/trunk/fuentes/src/esi/Esi.cc

@@ -574 +574 @@
 #endif
 
-    if (!(rep != NULL || (outbound.getRaw() &&
+    if (!(rep || (outbound.getRaw() &&
                   outbound->len && (outbound_offset <= outbound->len)))) {
         debugs(86, 5, "ESIContext::send: Nothing to send.");
@@ -619 +619 @@
     debugs(86, 5, "ESIContext::send: this=" << this << " Client no longer wants data ");
     /* Deal with re-entrancy */
-    HttpReply::Pointer temprep = rep;
+    HttpReply *temprep = rep;
     rep = NULL; /* freed downstream */
 
-    if (temprep != NULL && varState)
-        varState->buildVary(temprep.getRaw());
+    if (temprep && varState)
+        varState->buildVary (temprep);
 
     {
@@ -630 +630 @@
         tempBuffer.offset = pos - len;
         tempBuffer.data = next->readBuffer.data;
-        clientStreamCallback (thisNode, http, temprep.getRaw(), tempBuffer);
+        clientStreamCallback (thisNode, http, temprep, tempBuffer);
     }
 
@@ -967 +967 @@
     int specifiedattcount = attrCount * 2;
     char *position;
-    Must(ellen < sizeof(localbuf)); /* prevent unexpected overruns. */
+    assert (ellen < sizeof (localbuf)); /* prevent unexpected overruns. */
 
     debugs(86, 5, "ESIContext::Start: element '" << el << "' with " << specifiedattcount << " tags");
@@ -981 +981 @@
         localbuf[0] = '<';
         localbuf[1] = '\0';
-        xstrncpy(&localbuf[1], el, sizeof(localbuf) - 2);
+        assert (xstrncpy (&localbuf[1], el, sizeof(localbuf) - 2));
         position = localbuf + strlen (localbuf);
 
         for (i = 0; i < specifiedattcount && attr[i]; i += 2) {
-            Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 1);
             *position = ' ';
             ++position;
             /* TODO: handle thisNode gracefully */
-            xstrncpy(position, attr[i], sizeof(localbuf) - (position - localbuf));
+            assert (xstrncpy (position, attr[i], sizeof(localbuf) + (position - localbuf)));
             position += strlen (position);
-            Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 2);
             *position = '=';
             ++position;
@@ -1000 +998 @@
             while ((ch = *chPtr++) != '\0') {
                 if (ch == '\"') {
-                    Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 6);
-                    xstrncpy(position, "&quot;", sizeof(localbuf) - (position-localbuf));
+                    assert( xstrncpy(position, "&quot;", sizeof(localbuf) + (position-localbuf)) );
                     position += 6;
                 } else {
-                    Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 1);
                     *position = ch;
                     ++position;
                 }
             }
-            Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 1);
+            position += strlen (position);
             *position = '\"';
             ++position;
         }
 
-        Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 2);
         *position = '>';
         ++position;
@@ -1100 +1095 @@
 
     case ESIElement::ESI_ELEMENT_NONE:
-        Must(ellen < sizeof(localbuf) - 3); /* prevent unexpected overruns. */
+        assert (ellen < sizeof (localbuf)); /* prevent unexpected overruns. */
         /* Add elements we aren't interested in */
         localbuf[0] = '<';
         localbuf[1] = '/';
-        xstrncpy(&localbuf[2], el, sizeof(localbuf) - 3);
+        assert (xstrncpy (&localbuf[2], el, sizeof(localbuf) - 3));
         position = localbuf + strlen (localbuf);
         *position = '>';
@@ -1260 +1255 @@
     }
 
-    if (rep != NULL && !parserState.inited())
+    if (rep && !parserState.inited())
         parserState.init(this);
 
@@ -1399 +1394 @@
     debugs(86, 5, HERE << "Freeing for this=" << this);
 
-    rep = NULL; // refcounted
+    HTTPMSGUNLOCK(rep);
 
     finishChildren ();

squid-ssl/trunk/fuentes/src/icmp/Icmp6.cc

@@ -257 +257 @@
 
         ip = (struct ip6_hdr *) pkt;
-        NP: echo size needs to +sizeof(ip6_hdr);
+        pkt += sizeof(ip6_hdr);
 
     debugs(42, DBG_CRITICAL, HERE << "ip6_nxt=" << ip->ip6_nxt <<
@@ -268 +268 @@
 
     icmp6header = (struct icmp6_hdr *) pkt;
+    pkt += sizeof(icmp6_hdr);
 
     if (icmp6header->icmp6_type != ICMP6_ECHO_REPLY) {
@@ -292 +293 @@
     }
 
-    echo = (icmpEchoData *) (pkt + sizeof(icmp6_hdr));
+    echo = (icmpEchoData *) pkt;
 
     preply.opcode = echo->opcode;

squid-ssl/trunk/fuentes/src/mime_header.cc

@@ -37 +37 @@
     debugs(25, 5, "mime_get_header: looking for '" << name << "'");
 
-    for (p = mime; *p; p += strcspn(p, "\n")) {
-        if (strcmp(p, "\n\r\n") == 0 || strcmp(p, "\n\n") == 0)
+    for (p = mime; *p; p += strcspn(p, "\n\r")) {
+        if (strcmp(p, "\r\n\r\n") == 0 || strcmp(p, "\n\n") == 0)
             return NULL;
 
-        if (*p == '\n')
+        while (xisspace(*p))
             ++p;
 

squid-ssl/trunk/fuentes/src/tests/stub_cbdata.cc

@@ -14 +14 @@
 
 void cbdataRegisterWithCacheManager(void) STUB
-void *cbdataInternalAlloc(cbdata_type type, const char *, int sz) {
-    return xcalloc(1, sz);
-}
-void *cbdataInternalFree(void *p, const char *, int) {
-    xfree(p);
-    return NULL;
-}
+
 #if USE_CBDATA_DEBUG
 void *cbdataInternalAllocDbg(cbdata_type type, const char *, int) STUB_RETVAL(NULL)

squid-ssl/trunk/fuentes/src/tests/stub_mem.cc

@@ -15 +15 @@
 #define STUB_API "stub_mem.cc"
 #include "Mem.h"
-#include "tests/STUB.h"
+#include "STUB.h"
 
 void

squid-ssl/trunk/fuentes/tools/Makefile.am

@@ -35 +35 @@
         cp $(top_srcdir)/src/tests/stub_debug.cc .
 
-MemBuf.cc: $(top_srcdir)/src/MemBuf.cc
-        cp $(top_srcdir)/src/MemBuf.cc $@
-
 time.cc: $(top_srcdir)/src/time.cc
         cp $(top_srcdir)/src/time.cc .
-
-stub_cbdata.cc: $(top_srcdir)/src/tests/stub_cbdata.cc
-        cp $(top_srcdir)/src/tests/stub_cbdata.cc $@
-
-stub_mem.cc: $(top_srcdir)/src/tests/stub_mem.cc
-        cp $(top_srcdir)/src/tests/stub_mem.cc $@
 
 # stock tools for unit tests - library independent versions of dlink_list
@@ -52 +43 @@
 # Neither of these should be disted from here.
 TESTSOURCES= test_tools.cc
-CLEANFILES += test_tools.cc MemBuf.cc stub_debug.cc time.cc stub_cbdata.cc stub_mem.cc
+CLEANFILES += test_tools.cc stub_debug.cc time.cc
 
 ## ##### helper-mux #####
@@ -70 +61 @@
 
 cachemgr__CGIEXT__SOURCES = cachemgr.cc \
-        MemBuf.cc \
-        stub_cbdata.cc \
         stub_debug.cc \
-        stub_mem.cc \
         test_tools.cc \
         time.cc

squid-ssl/trunk/fuentes/tools/cachemgr.cc

@@ -12 +12 @@
 #include "html_quote.h"
 #include "ip/Address.h"
-#include "MemBuf.h"
 #include "rfc1123.h"
 #include "rfc1738.h"
@@ -425 +424 @@
 }
 
-static void
-munge_menu_line(MemBuf &out, const char *buf, cachemgr_request * req)
+static const char *
+munge_menu_line(const char *buf, cachemgr_request * req)
 {
     char *x;
@@ -434 +433 @@
     char *a_url;
     char *buf_copy;
-
-    const char bufLen = strlen(buf);
-    if (bufLen < 1 || *buf != ' ') {
-        out.append(buf, bufLen);
-        return;
-    }
-
-    buf_copy = x = xstrndup(buf, bufLen);
+    static char html[2 * 1024];
+
+    if (strlen(buf) < 1)
+        return buf;
+
+    if (*buf != ' ')
+        return buf;
+
+    buf_copy = x = xstrdup(buf);
 
     a = xstrtok(&x, '\t');
@@ -453 +453 @@
     /* no reason to give a url for a disabled action */
     if (!strcmp(p, "disabled"))
-        out.Printf("<LI type=\"circle\">%s (disabled)<A HREF=\"%s\">.</A>\n", d, a_url);
+        snprintf(html, sizeof(html), "<LI type=\"circle\">%s (disabled)<A HREF=\"%s\">.</A>\n", d, a_url);
     else
         /* disable a hidden action (requires a password, but password is not in squid.conf) */
         if (!strcmp(p, "hidden"))
-            out.Printf("<LI type=\"circle\">%s (hidden)<A HREF=\"%s\">.</A>\n", d, a_url);
+            snprintf(html, sizeof(html), "<LI type=\"circle\">%s (hidden)<A HREF=\"%s\">.</A>\n", d, a_url);
         else
             /* disable link if authentication is required and we have no password */
             if (!strcmp(p, "protected") && !req->passwd)
-                out.Printf("<LI type=\"circle\">%s (requires <a href=\"%s\">authentication</a>)<A HREF=\"%s\">.</A>\n",
-                            d, menu_url(req, "authenticate"), a_url);
+                snprintf(html, sizeof(html), "<LI type=\"circle\">%s (requires <a href=\"%s\">authentication</a>)<A HREF=\"%s\">.</A>\n",
+                         d, menu_url(req, "authenticate"), a_url);
             else
                 /* highlight protected but probably available entries */
                 if (!strcmp(p, "protected"))
-                    out.Printf("<LI type=\"square\"><A HREF=\"%s\"><font color=\"#FF0000\">%s</font></A>\n",
-                                a_url, d);
+                    snprintf(html, sizeof(html), "<LI type=\"square\"><A HREF=\"%s\"><font color=\"#FF0000\">%s</font></A>\n",
+                             a_url, d);
 
     /* public entry or unknown type of protection */
                 else
-                    out.Printf("<LI type=\"disk\"><A HREF=\"%s\">%s</A>\n", a_url, d);
+                    snprintf(html, sizeof(html), "<LI type=\"disk\"><A HREF=\"%s\">%s</A>\n", a_url, d);
 
     xfree(a_url);
 
     xfree(buf_copy);
-}
-
-static void
-munge_other_line(MemBuf &out, const char *buf, cachemgr_request *)
+
+    return html;
+}
+
+static const char *
+munge_other_line(const char *buf, cachemgr_request * req)
 {
     static const char *ttags[] = {"td", "th"};
 
+    static char html[4096];
     static int table_line_num = 0;
     static int next_is_header = 0;
@@ -489 +492 @@
     char *buf_copy;
     char *x, *p;
+    int l = 0;
     /* does it look like a table? */
 
     if (!strchr(buf, '\t') || *buf == '\t') {
         /* nope, just text */
-        if (table_line_num)
-            out.append("</table>\n<pre>", 14);
-        out.Printf("%s", html_quote(buf));
+        snprintf(html, sizeof(html), "%s%s",
+                 table_line_num ? "</table>\n<pre>" : "", html_quote(buf));
         table_line_num = 0;
-        return;
+        return html;
     }
 
     /* start html table */
     if (!table_line_num) {
-        out.append("</pre><table cellpadding=\"2\" cellspacing=\"1\">\n", 46);
+        l += snprintf(html + l, sizeof(html) - l, "</pre><table cellpadding=\"2\" cellspacing=\"1\">\n");
         next_is_header = 0;
     }
@@ -512 +515 @@
 
     /* record starts */
-    out.append("<tr>", 4);
+    l += snprintf(html + l, sizeof(html) - l, "<tr>");
 
     /* substitute '\t' */
@@ -529 +532 @@
         }
 
-        out.Printf("<%s colspan=\"%d\" align=\"%s\">%s</%s>",
-                    ttag, column_span,
-                    is_header ? "center" : is_number(cell) ? "right" : "left",
-                    html_quote(cell), ttag);
+        l += snprintf(html + l, sizeof(html) - l, "<%s colspan=\"%d\" align=\"%s\">%s</%s>",
+                      ttag, column_span,
+                      is_header ? "center" : is_number(cell) ? "right" : "left",
+                      html_quote(cell), ttag);
     }
 
     xfree(buf_copy);
     /* record ends */
-    out.append("</tr>\n", 6);
+    snprintf(html + l, sizeof(html) - l, "</tr>\n");
     next_is_header = is_header && strstr(buf, "\t\t");
     ++table_line_num;
+    return html;
 }
 
@@ -696 +700 @@
 
         case isBody:
-        {
             /* interpret [and reformat] cache response */
-            MemBuf out;
-            out.init();
+
             if (parse_menu)
-                munge_menu_line(out, buf, req);
+                fputs(munge_menu_line(buf, req), stdout);
             else
-                munge_other_line(out, buf, req);
-
-            fputs(out.buf, stdout);
-        }
-        break;
+                fputs(munge_other_line(buf, req), stdout);
+
+            break;
 
         case isForward: