Ignore:
Timestamp:
Jul 13, 2017, 11:11:39 AM (4 years ago)
Author:
Juanma
Message:

Initial release

File:
1 edited

Legend:

Unmodified
Added
Removed
  • squid-ssl/trunk/fuentes/debian/patches/CVE-2016-10003.patch

    r5501 r5503  
    55--- a/src/client_side_reply.cc
    66+++ b/src/client_side_reply.cc
    7 @@ -545,7 +545,6 @@
    8          debugs(88, 5, "negative-HIT");
    9          http->logType = LOG_TCP_NEGATIVE_HIT;
    10          sendMoreData(result);
    11 -        return;
    12      } else if (blockedHit()) {
    13          debugs(88, 5, "send_hit forces a MISS");
    14          http->logType = LOG_TCP_MISS;
    15 @@ -597,29 +596,27 @@
    16              http->logType = LOG_TCP_MISS;
    17              processMiss();
    18          }
    19 -        return;
    20      } else if (r->conditional()) {
    21          debugs(88, 5, "conditional HIT");
    22 -        if (processConditional(result))
    23 -            return;
    24 -    }
    25 -
    26 -    /*
    27 -     * plain ol' cache hit
    28 -     */
    29 -    debugs(88, 5, "plain old HIT");
    30 +        processConditional(result);
    31 +    } else {
    32 +        /*
    33 +         * plain ol' cache hit
    34 +         */
    35 +        debugs(88, 5, "plain old HIT");
    36  
    37  #if USE_DELAY_POOLS
    38 -    if (e->store_status != STORE_OK)
    39 -        http->logType = LOG_TCP_MISS;
    40 -    else
    41 +        if (e->store_status != STORE_OK)
    42 +            http->logType = LOG_TCP_MISS;
    43 +        else
    44  #endif
    45 -        if (e->mem_status == IN_MEMORY)
    46 -            http->logType = LOG_TCP_MEM_HIT;
    47 -        else if (Config.onoff.offline)
    48 -            http->logType = LOG_TCP_OFFLINE_HIT;
    49 +            if (e->mem_status == IN_MEMORY)
    50 +                http->logType = LOG_TCP_MEM_HIT;
    51 +            else if (Config.onoff.offline)
    52 +                http->logType = LOG_TCP_OFFLINE_HIT;
    53  
    54 -    sendMoreData(result);
    55 +        sendMoreData(result);
    56 +    }
    57  }
    58  
    59  /**
    60 @@ -713,16 +710,17 @@
    61  }
    62  
    63  /// process conditional request from client
    64 -bool
    65 +void
    66  clientReplyContext::processConditional(StoreIOBuffer &result)
    67  {
    68      StoreEntry *const e = http->storeEntry();
    69  
    70      if (e->getReply()->sline.status() != Http::scOkay) {
    71 -        debugs(88, 4, "Reply code " << e->getReply()->sline.status() << " != 200");
    72 +        debugs(88, 4, "clientReplyContext::processConditional: Reply code " <<
    73 +               e->getReply()->sline.status() << " != 200");
    74          http->logType = LOG_TCP_MISS;
    75          processMiss();
    76 -        return true;
    77 +        return;
     7@@ -474,6 +474,16 @@
     8         return;
    789     }
    7910 
    80      HttpRequest &r = *http->request;
    81 @@ -730,39 +728,51 @@
    82      if (r.header.has(HDR_IF_MATCH) && !e->hasIfMatchEtag(r)) {
    83          // RFC 2616: reply with 412 Precondition Failed if If-Match did not match
    84          sendPreconditionFailedError();
    85 -        return true;
     11+    // The previously identified hit suddenly became unsharable!
     12+    // This is common for collapsed forwarding slaves but might also
     13+    // happen to regular hits because we are called asynchronously.
     14+    if (EBIT_TEST(e->flags, KEY_PRIVATE)) {
     15+        debugs(88, 3, "unsharable " << *e << ". MISS");
     16+        http->logType = LOG_TCP_MISS;
     17+        processMiss();
    8618+        return;
    87      }
    88  
    89 +    bool matchedIfNoneMatch = false;
    90      if (r.header.has(HDR_IF_NONE_MATCH)) {
    91 -        // RFC 7232: If-None-Match recipient MUST ignore IMS
    92 -        r.flags.ims = false;
    93 -        r.ims = -1;
    94 -        r.imslen = 0;
    95 -        r.header.delById(HDR_IF_MODIFIED_SINCE);
    96 +        if (!e->hasIfNoneMatchEtag(r)) {
    97 +            // RFC 2616: ignore IMS if If-None-Match did not match
    98 +            r.flags.ims = false;
    99 +            r.ims = -1;
    100 +            r.imslen = 0;
    101 +            r.header.delById(HDR_IF_MODIFIED_SINCE);
    102 +            http->logType = LOG_TCP_MISS;
    103 +            sendMoreData(result);
    104 +            return;
    105 +        }
    106  
    107 -        if (e->hasIfNoneMatchEtag(r)) {
    108 +        if (!r.flags.ims) {
    109 +            // RFC 2616: if If-None-Match matched and there is no IMS,
    110 +            // reply with 304 Not Modified or 412 Precondition Failed
    111              sendNotModifiedOrPreconditionFailedError();
    112 -            return true;
    113 +            return;
    114          }
    115  
    116 -        // None-Match is true (no ETag matched); treat as an unconditional hit
    117 -        return false;
    118 +        // otherwise check IMS below to decide if we reply with 304 or 412
    119 +        matchedIfNoneMatch = true;
    120      }
    121  
    122      if (r.flags.ims) {
    123          // handle If-Modified-Since requests from the client
    124          if (e->modifiedSince(&r)) {
    125 -            // Modified-Since is true; treat as an unconditional hit
    126 -            return false;
    127 +            http->logType = LOG_TCP_IMS_HIT;
    128 +            sendMoreData(result);
    129 +            return;
    130 +        }
    131  
    132 -        } else {
    133 -            // otherwise reply with 304 Not Modified
    134 -            sendNotModified();
    135 +        if (matchedIfNoneMatch) {
    136 +            // If-None-Match matched, reply with 304 Not Modified or
    137 +            // 412 Precondition Failed
    138 +            sendNotModifiedOrPreconditionFailedError();
    139 +            return;
    140          }
    141 -        return true;
    142 -    }
    143  
    144 -    return false;
    145 +        // otherwise reply with 304 Not Modified
    146 +        sendNotModified();
    14719+    }
    148  }
    149  
    150  /// whether squid.conf send_hit prevents us from serving this hit
    151 @@ -1909,12 +1919,7 @@
    152      StoreEntry *e = http->storeEntry();
    153      const time_t timestamp = e->timestamp;
    154      HttpReply *const temprep = e->getReply()->make304();
    155 -    // log as TCP_INM_HIT if code 304 generated for
    156 -    // If-None-Match request
    157 -    if (!http->request->flags.ims)
    158 -        http->logType = LOG_TCP_INM_HIT;
    159 -    else
    160 -        http->logType = LOG_TCP_IMS_HIT;
    161 +    http->logType = LOG_TCP_IMS_HIT;
    162      removeClientStoreReference(&sc, http);
    163      createStoreEntry(http->request->method, RequestFlags());
    164      e = http->storeEntry();
     20+
     21     if (result.length == 0) {
     22         debugs(88, 5, "store IO buffer has no content. MISS");
     23         /* the store couldn't get enough data from the file for us to id the
Note: See TracChangeset for help on using the changeset viewer.