[jira] [Work logged] (TS-4697) MIOBuffer is not freed if ipallow check fails in HttpSessionAccept::accept()

Mon, 15 Aug 2016 01:34:33 -0700 

     [ 
https://issues.apache.org/jira/browse/TS-4697?focusedWorklogId=26421&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-26421
 ]

ASF GitHub Bot logged work on TS-4697:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 15/Aug/16 08:33
            Start Date: 15/Aug/16 08:33
    Worklog Time Spent: 10m 
      Work Description: Github user oknet commented on the issue:

    https://github.com/apache/trafficserver/pull/823
  
    @jpeach Do you means L175 ~ L184 in proxy/http/HttpSessionAccept.h ?
    ```
    175 /**
    176    The continuation mutex is NULL to allow parellel accepts in NT. No
    177    state is recorded by the handler and values are required to be set
    178    during construction via the @c Options struct and never changed. So
    179    a NULL mutex is safe.
    180 
    181    Most of the state is simply passed on to the @c ClientSession after
    182    an accept. It is done here because this is the least bad pathway
    183    from the top level configuration to the HTTP session.
    184 */
    185 
    186 class HttpSessionAccept : public SessionAccept, private 
detail::HttpSessionAcceptOptions
    ```
    
    Just copy the comment from HttpSessionAccept.h to I_SessionAccept.h maybe 
with minor changes ?


Issue Time Tracking
-------------------

    Worklog Id:     (was: 26421)
    Time Spent: 2h 10m  (was: 2h)

> MIOBuffer is not freed if ipallow check fails in HttpSessionAccept::accept()
> ----------------------------------------------------------------------------
>
>                 Key: TS-4697
>                 URL: https://issues.apache.org/jira/browse/TS-4697
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: HTTP, Network
>            Reporter: Oknet Xu
>            Assignee: Oknet Xu
>             Fix For: 7.0.0
>
>          Time Spent: 2h 10m
>  Remaining Estimate: 0h
>
> {code}
> void
> HttpSessionAccept::accept(NetVConnection *netvc, MIOBuffer *iobuf, 
> IOBufferReader *reader)
> {
>   sockaddr const *client_ip = netvc->get_remote_addr();
>   const AclRecord *acl_record = NULL;
>   ip_port_text_buffer ipb;
>   IpAllow::scoped_config ipallow;
>   // The backdoor port is now only bound to "localhost", so no
>   // reason to check for if it's incoming from "localhost" or not.
>   if (backdoor) {
>     acl_record = IpAllow::AllMethodAcl();
>   } else if (ipallow && (((acl_record = ipallow->match(client_ip)) == NULL) 
> || (acl_record->isEmpty()))) {
>     ////////////////////////////////////////////////////
>     // if client address forbidden, close immediately //
>     ////////////////////////////////////////////////////
>     Warning("client '%s' prohibited by ip-allow policy", 
> ats_ip_ntop(client_ip, ipb, sizeof(ipb)));
>     netvc->do_io_close();
>     return;   // ----------------->  MIOBuffer did not free.
>   }
> ...
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to