[jira] [Work logged] (TS-4697) MIOBuffer is not freed if ipallow check fails in HttpSessionAccept::accept()

Tue, 16 Aug 2016 20:42:52 -0700 

     [ 
https://issues.apache.org/jira/browse/TS-4697?focusedWorklogId=26534&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-26534
 ]

ASF GitHub Bot logged work on TS-4697:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 17/Aug/16 03:41
            Start Date: 17/Aug/16 03:41
    Worklog Time Spent: 10m 
      Work Description: Github user oknet commented on a diff in the pull 
request:

    https://github.com/apache/trafficserver/pull/823#discussion_r75058577
  
    --- Diff: iocore/net/I_SessionAccept.h ---
    @@ -29,12 +29,40 @@
     
     struct AclRecord;
     
    +/**
    +   The base class SessionAccept can not be used directly.
    +   The inherited class of SessionAccept (ex. HttpSessionAccept) is 
designed to
    +
    +     - Check IPAllow policy
    +     - Create ClientSession
    +     - Pass NetVC and MIOBuffer by call ClientSession::new_connection()
    +
    +   NULL mutex:
    +
    +     - One specific protocol has ONLY one inherited class of SessionAccept.
    +
    +     - The object of this class is shared by all incoming request / NetVC 
that
    +       identified as the protocol by ProtocolSessionProbe.
    +
    +     - The inherited class of SessionAccept is non-blocked to allow 
parellel accepts
    +
    +   To implement a inherited class of SessionAccept:
    +
    +     - No state is recorded by the handler
    +
    +     - Values are required to be set during construction and never changed
    +
    +     - Can not put into EventSystem.
    +
    +   So a NULL mutex is safe to continuation.
    +*/
    +
    --- End diff --
    
    @jpeach comments added, please review.


Issue Time Tracking
-------------------

    Worklog Id:     (was: 26534)
    Time Spent: 2.5h  (was: 2h 20m)

> MIOBuffer is not freed if ipallow check fails in HttpSessionAccept::accept()
> ----------------------------------------------------------------------------
>
>                 Key: TS-4697
>                 URL: https://issues.apache.org/jira/browse/TS-4697
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: HTTP, Network
>            Reporter: Oknet Xu
>            Assignee: Oknet Xu
>             Fix For: 7.0.0
>
>          Time Spent: 2.5h
>  Remaining Estimate: 0h
>
> {code}
> void
> HttpSessionAccept::accept(NetVConnection *netvc, MIOBuffer *iobuf, 
> IOBufferReader *reader)
> {
>   sockaddr const *client_ip = netvc->get_remote_addr();
>   const AclRecord *acl_record = NULL;
>   ip_port_text_buffer ipb;
>   IpAllow::scoped_config ipallow;
>   // The backdoor port is now only bound to "localhost", so no
>   // reason to check for if it's incoming from "localhost" or not.
>   if (backdoor) {
>     acl_record = IpAllow::AllMethodAcl();
>   } else if (ipallow && (((acl_record = ipallow->match(client_ip)) == NULL) 
> || (acl_record->isEmpty()))) {
>     ////////////////////////////////////////////////////
>     // if client address forbidden, close immediately //
>     ////////////////////////////////////////////////////
>     Warning("client '%s' prohibited by ip-allow policy", 
> ats_ip_ntop(client_ip, ipb, sizeof(ipb)));
>     netvc->do_io_close();
>     return;   // ----------------->  MIOBuffer did not free.
>   }
> ...
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to