[jira] [Work logged] (TS-4697) MIOBuffer is not freed if ipallow check fails in HttpSessionAccept::accept()

[ASF GitHub Bot (JIRA)]

     [ 
https://issues.apache.org/jira/browse/TS-4697?focusedWorklogId=26080&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-26080
 ]

ASF GitHub Bot logged work on TS-4697:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 29/Jul/16 01:51
            Start Date: 29/Jul/16 01:51
    Worklog Time Spent: 10m 
      Work Description: Github user jpeach commented on the issue:

    https://github.com/apache/trafficserver/pull/823
  
    We don't really use event return values outside of event handlers, so if we 
return a failure from ``accept()``, it should just be a ``bool``.
    
    Originally, the contract for ``SessionAccept::accept()`` was that it always 
consumed its arguments. This means that it should be responsible for releasing 
the ``MIOBuffer`` on failure. With your proposal, the caller deleted the buffer 
but the callee closes the vc. Both the vc and the buffer should be treated 
consistently, so either enforce the original contract, or delete any allocated 
buffers in the leaf handlers when they fail  (updating the comments that 
describe the calling contract).


Issue Time Tracking
-------------------

    Worklog Id:     (was: 26080)
    Time Spent: 1h 20m  (was: 1h 10m)

> MIOBuffer is not freed if ipallow check fails in HttpSessionAccept::accept()
> ----------------------------------------------------------------------------
>
>                 Key: TS-4697
>                 URL: https://issues.apache.org/jira/browse/TS-4697
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: HTTP, Network
>            Reporter: Oknet Xu
>            Assignee: Oknet Xu
>             Fix For: 7.0.0
>
>          Time Spent: 1h 20m
>  Remaining Estimate: 0h
>
> {code}
> void
> HttpSessionAccept::accept(NetVConnection *netvc, MIOBuffer *iobuf, 
> IOBufferReader *reader)
> {
>   sockaddr const *client_ip = netvc->get_remote_addr();
>   const AclRecord *acl_record = NULL;
>   ip_port_text_buffer ipb;
>   IpAllow::scoped_config ipallow;
>   // The backdoor port is now only bound to "localhost", so no
>   // reason to check for if it's incoming from "localhost" or not.
>   if (backdoor) {
>     acl_record = IpAllow::AllMethodAcl();
>   } else if (ipallow && (((acl_record = ipallow->match(client_ip)) == NULL) 
> || (acl_record->isEmpty()))) {
>     ////////////////////////////////////////////////////
>     // if client address forbidden, close immediately //
>     ////////////////////////////////////////////////////
>     Warning("client '%s' prohibited by ip-allow policy", 
> ats_ip_ntop(client_ip, ipb, sizeof(ipb)));
>     netvc->do_io_close();
>     return;   // ----------------->  MIOBuffer did not free.
>   }
> ...
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)