Hi Henrik,

At 12.40 24/08/2006, Guido Serassio wrote:

Hi Henrik,

Just found how to crash Squid 2.6 (latest CVS) ... :-(

- Enable authenticated only access
- Add to ERR_INVALID_REQ error file "User:   %a<P>"
- reload error messages

squidclient -m GETTT http://www.cisco.com

Squid crashes in errorpage.c when evaluating %a because err->request is NULL.

I'm suspecting that the same could happen with ERR_INVALID_URL, see client_side.c line 3931.

ERR_INVALID_URL crash also confirmed.

This fixes the crash:

Index: src/errorpage.c
===================================================================
RCS file: /cvsroot/squid/squid/src/errorpage.c,v
retrieving revision 1.27.2.4
diff -u -p -r1.27.2.4 errorpage.c
--- src/errorpage.c     5 Jul 2006 16:08:46 -0000       1.27.2.4
+++ src/errorpage.c     24 Aug 2006 11:25:02 -0000
@@ -452,8 +452,10 @@ errorConvert(char token, ErrorState * er
     memBufReset(&mb);
     switch (token) {
     case 'a':
-       if (r->auth_user_request)
-           p = authenticateUserRequestUsername(r->auth_user_request);
+        if (r) {
+            if (r->auth_user_request)
+               p = authenticateUserRequestUsername(r->auth_user_request);
+        }
        if (!p)
            p = "-";
        break;
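
Review bot: The NULL check added in case 'a' can be a single condition, `if (r && r->auth_user_request)`, which drops the extra nesting and keeps the change to one line. The report above says err->request is NULL on both the ERR_INVALID_REQ and ERR_INVALID_URL paths, so any other case in this switch that dereferences r needs the same guard; only case 'a' is visible in this hunk, so the rest of errorConvert should be checked before the crash is considered fixed. The added lines are also indented differently from the removed and context lines, so re-indent them to match the file.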

Is it enough?

Regards

Guido



-
========================================================
Guido Serassio
Acme Consulting S.r.l. - Microsoft Certified Partner
Via Lucia Savarino, 1           10098 - Rivoli (TO) - ITALY
Tel. : +39.011.9530135  Fax. : +39.011.9781115
Email: [EMAIL PROTECTED]
WWW: http://www.acmeconsulting.it/
