- Timestamp:
- Jul 13, 2017, 11:11:39 AM (4 years ago)
- File:
-
- 1 edited
Legend:
- Unmodified
- Added
- Removed
-
squid-ssl/trunk/fuentes/debian/patches/CVE-2016-10003.patch
r5501 r5503 5 5 --- a/src/client_side_reply.cc 6 6 +++ b/src/client_side_reply.cc 7 @@ -545,7 +545,6 @@ 8 debugs(88, 5, "negative-HIT"); 9 http->logType = LOG_TCP_NEGATIVE_HIT; 10 sendMoreData(result); 11 - return; 12 } else if (blockedHit()) { 13 debugs(88, 5, "send_hit forces a MISS"); 14 http->logType = LOG_TCP_MISS; 15 @@ -597,29 +596,27 @@ 16 http->logType = LOG_TCP_MISS; 17 processMiss(); 18 } 19 - return; 20 } else if (r->conditional()) { 21 debugs(88, 5, "conditional HIT"); 22 - if (processConditional(result)) 23 - return; 24 - } 25 - 26 - /* 27 - * plain ol' cache hit 28 - */ 29 - debugs(88, 5, "plain old HIT"); 30 + processConditional(result); 31 + } else { 32 + /* 33 + * plain ol' cache hit 34 + */ 35 + debugs(88, 5, "plain old HIT"); 36 37 #if USE_DELAY_POOLS 38 - if (e->store_status != STORE_OK) 39 - http->logType = LOG_TCP_MISS; 40 - else 41 + if (e->store_status != STORE_OK) 42 + http->logType = LOG_TCP_MISS; 43 + else 44 #endif 45 - if (e->mem_status == IN_MEMORY) 46 - http->logType = LOG_TCP_MEM_HIT; 47 - else if (Config.onoff.offline) 48 - http->logType = LOG_TCP_OFFLINE_HIT; 49 + if (e->mem_status == IN_MEMORY) 50 + http->logType = LOG_TCP_MEM_HIT; 51 + else if (Config.onoff.offline) 52 + http->logType = LOG_TCP_OFFLINE_HIT; 53 54 - sendMoreData(result); 55 + sendMoreData(result); 56 + } 57 } 58 59 /** 60 @@ -713,16 +710,17 @@ 61 } 62 63 /// process conditional request from client 64 -bool 65 +void 66 clientReplyContext::processConditional(StoreIOBuffer &result) 67 { 68 StoreEntry *const e = http->storeEntry(); 69 70 if (e->getReply()->sline.status() != Http::scOkay) { 71 - debugs(88, 4, "Reply code " << e->getReply()->sline.status() << " != 200"); 72 + debugs(88, 4, "clientReplyContext::processConditional: Reply code " << 73 + e->getReply()->sline.status() << " != 200"); 74 http->logType = LOG_TCP_MISS; 75 processMiss(); 76 - return true; 77 + return; 7 @@ -474,6 +474,16 @@ 8 return; 78 9 } 79 10 80 HttpRequest &r = *http->request; 81 @@ -730,39 +728,51 @@ 82 if (r.header.has(HDR_IF_MATCH) && !e->hasIfMatchEtag(r)) { 83 // RFC 2616: reply with 412 Precondition Failed if If-Match did not match 84 sendPreconditionFailedError(); 85 - return true; 11 + // The previously identified hit suddenly became unsharable! 12 + // This is common for collapsed forwarding slaves but might also 13 + // happen to regular hits because we are called asynchronously. 14 + if (EBIT_TEST(e->flags, KEY_PRIVATE)) { 15 + debugs(88, 3, "unsharable " << *e << ". MISS"); 16 + http->logType = LOG_TCP_MISS; 17 + processMiss(); 86 18 + return; 87 }88 89 + bool matchedIfNoneMatch = false;90 if (r.header.has(HDR_IF_NONE_MATCH)) {91 - // RFC 7232: If-None-Match recipient MUST ignore IMS92 - r.flags.ims = false;93 - r.ims = -1;94 - r.imslen = 0;95 - r.header.delById(HDR_IF_MODIFIED_SINCE);96 + if (!e->hasIfNoneMatchEtag(r)) {97 + // RFC 2616: ignore IMS if If-None-Match did not match98 + r.flags.ims = false;99 + r.ims = -1;100 + r.imslen = 0;101 + r.header.delById(HDR_IF_MODIFIED_SINCE);102 + http->logType = LOG_TCP_MISS;103 + sendMoreData(result);104 + return;105 + }106 107 - if (e->hasIfNoneMatchEtag(r)) {108 + if (!r.flags.ims) {109 + // RFC 2616: if If-None-Match matched and there is no IMS,110 + // reply with 304 Not Modified or 412 Precondition Failed111 sendNotModifiedOrPreconditionFailedError();112 - return true;113 + return;114 }115 116 - // None-Match is true (no ETag matched); treat as an unconditional hit117 - return false;118 + // otherwise check IMS below to decide if we reply with 304 or 412119 + matchedIfNoneMatch = true;120 }121 122 if (r.flags.ims) {123 // handle If-Modified-Since requests from the client124 if (e->modifiedSince(&r)) {125 - // Modified-Since is true; treat as an unconditional hit126 - return false;127 + http->logType = LOG_TCP_IMS_HIT;128 + sendMoreData(result);129 + return;130 + }131 132 - } else {133 - // otherwise reply with 304 Not Modified134 - sendNotModified();135 + if (matchedIfNoneMatch) {136 + // If-None-Match matched, reply with 304 Not Modified or137 + // 412 Precondition Failed138 + sendNotModifiedOrPreconditionFailedError();139 + return;140 }141 - return true;142 - }143 144 - return false;145 + // otherwise reply with 304 Not Modified146 + sendNotModified();147 19 + } 148 } 149 150 /// whether squid.conf send_hit prevents us from serving this hit 151 @@ -1909,12 +1919,7 @@ 152 StoreEntry *e = http->storeEntry(); 153 const time_t timestamp = e->timestamp; 154 HttpReply *const temprep = e->getReply()->make304(); 155 - // log as TCP_INM_HIT if code 304 generated for 156 - // If-None-Match request 157 - if (!http->request->flags.ims) 158 - http->logType = LOG_TCP_INM_HIT; 159 - else 160 - http->logType = LOG_TCP_IMS_HIT; 161 + http->logType = LOG_TCP_IMS_HIT; 162 removeClientStoreReference(&sc, http); 163 createStoreEntry(http->request->method, RequestFlags()); 164 e = http->storeEntry(); 20 + 21 if (result.length == 0) { 22 debugs(88, 5, "store IO buffer has no content. MISS"); 23 /* the store couldn't get enough data from the file for us to id the
Note: See TracChangeset
for help on using the changeset viewer.