Addressed your comments in [t2] patch. Also polished ACLFilledChecklist::fd(int) similarly.
Eduard. 2016-01-13 8:05 GMT+03:00 Amos Jeffries <squ...@treenet.co.nz>:
in src/acl/DestinationIp.cc * please use a "const auto" local variable to store checklist->conn(). - that way you can avoid three de-references and method calls. in src/acl/FilledChecklist.cc * ACLFilledChecklist::conn() does not need to check "conn_ != nullptr" - cbdataReferenceValid() handles that fine for this usage. * ACLFilledChecklist::fd() needs to use conn() consistently. - that may mean a "const auto" temporary variable to avoid multiple conn() calls and dereferences. - also the "!= nullptr" parts can be erased now. RefCount no longer has the issue that !=NULL was needed for.
Fix bug 4378: assertion failed: DestinationIp.cc:60: "checklist->conn() && checklist->conn()->clientConnection != NULL" === modified file 'src/acl/DestinationIp.cc' --- src/acl/DestinationIp.cc 2016-01-01 00:12:18 +0000 +++ src/acl/DestinationIp.cc 2016-01-13 08:52:20 +0000 @@ -11,62 +11,63 @@ #include "squid.h" #include "acl/DestinationIp.h" #include "acl/FilledChecklist.h" #include "client_side.h" #include "comm/Connection.h" #include "HttpRequest.h" #include "SquidConfig.h" ACLFlag ACLDestinationIP::SupportedFlags[] = {ACL_F_NO_LOOKUP, ACL_F_END}; char const * ACLDestinationIP::typeString() const { return "dst"; } int ACLDestinationIP::match(ACLChecklist *cl) { ACLFilledChecklist *checklist = Filled(cl); // if there is no HTTP request details fallback to the dst_addr if (!checklist->request) return ACLIP::match(checklist->dst_addr); // Bug 3243: CVE 2009-0801 // Bypass of browser same-origin access control in intercepted communication // To resolve this we will force DIRECT and only to the original client destination. // In which case, we also need this ACL to accurately match the destination if (Config.onoff.client_dst_passthru && (checklist->request->flags.intercepted || checklist->request->flags.interceptTproxy)) { - assert(checklist->conn() && checklist->conn()->clientConnection != NULL); - return ACLIP::match(checklist->conn()->clientConnection->local); + const auto conn = checklist->conn(); + return (conn && conn->clientConnection) ? + ACLIP::match(conn->clientConnection->local) : -1; } if (flags.isSet(ACL_F_NO_LOOKUP)) { if (!checklist->request->url.hostIsNumeric()) { debugs(28, 3, "No-lookup DNS ACL '" << AclMatchedName << "' for " << checklist->request->url.host()); return 0; } if (ACLIP::match(checklist->request->url.hostIP())) return 1; return 0; } const ipcache_addrs *ia = ipcache_gethostbyname(checklist->request->url.host(), IP_LOOKUP_IF_MISS); if (ia) { /* Entry in cache found */ for (int k = 0; k < (int) ia->count; ++k) { if (ACLIP::match(ia->in_addrs[k])) return 1; } return 0; } else if (!checklist->request->flags.destinationIpLookedUp) { /* No entry in cache, lookup not attempted */ debugs(28, 3, "can't yet compare '" << name << "' ACL for " << checklist->request->url.host()); if (checklist->goAsync(DestinationIPLookup::Instance())) return -1; // else fall through to mismatch, hiding the lookup failure (XXX) === modified file 'src/acl/FilledChecklist.cc' --- src/acl/FilledChecklist.cc 2016-01-01 00:12:18 +0000 +++ src/acl/FilledChecklist.cc 2016-01-13 09:03:07 +0000 @@ -98,82 +98,84 @@ if (!al->adapted_request) { showDebugWarning("adapted HttpRequest object"); al->adapted_request = request; HTTPMSGLOCK(al->adapted_request); } if (!al->url) { showDebugWarning("URL"); al->url = xstrdup(request->url.absolute().c_str()); } } if (reply && !al->reply) { showDebugWarning("HttpReply object"); al->reply = reply; HTTPMSGLOCK(al->reply); } #if USE_IDENT if (*rfc931 && !al->cache.rfc931) { showDebugWarning("IDENT"); al->cache.rfc931 = xstrdup(rfc931); } #endif } ConnStateData * ACLFilledChecklist::conn() const { - return conn_; + return cbdataReferenceValid(conn_) ? conn_ : nullptr; } void ACLFilledChecklist::conn(ConnStateData *aConn) { if (conn() == aConn) return; assert (conn() == NULL); conn_ = cbdataReference(aConn); } int ACLFilledChecklist::fd() const { - return (conn_ != NULL && conn_->clientConnection != NULL) ? conn_->clientConnection->fd : fd_; + const auto c = conn(); + return (c && c->clientConnection) ? c->clientConnection->fd : fd_; } void ACLFilledChecklist::fd(int aDescriptor) { - assert(!conn() || conn()->clientConnection == NULL || conn()->clientConnection->fd == aDescriptor); + const auto c = conn(); + assert(!c || !c->clientConnection || c->clientConnection->fd == aDescriptor); fd_ = aDescriptor; } bool ACLFilledChecklist::destinationDomainChecked() const { return destinationDomainChecked_; } void ACLFilledChecklist::markDestinationDomainChecked() { assert (!finished() && !destinationDomainChecked()); destinationDomainChecked_ = true; } bool ACLFilledChecklist::sourceDomainChecked() const { return sourceDomainChecked_; } void ACLFilledChecklist::markSourceDomainChecked() { assert (!finished() && !sourceDomainChecked()); sourceDomainChecked_ = true; } /*
_______________________________________________ squid-dev mailing list squid-dev@lists.squid-cache.org http://lists.squid-cache.org/listinfo/squid-dev