[jira] [Work logged] (TS-4697) MIOBuffer is not freed if ipallow check fails in HttpSessionAccept::accept()

Tue, 02 Aug 2016 01:12:08 -0700 

     [ 
https://issues.apache.org/jira/browse/TS-4697?focusedWorklogId=26144&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-26144
 ]

ASF GitHub Bot logged work on TS-4697:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 02/Aug/16 08:11
            Start Date: 02/Aug/16 08:11
    Worklog Time Spent: 10m 
      Work Description: Github user oknet commented on the issue:

    https://github.com/apache/trafficserver/pull/823
  
    @jpeach agree with u to return bool from SessionAccept::accept().
    
    SessionAccept did not consume any parameters, It is just transfer 
parameters to ClientSession.
    as your said "Both the vc and the buffer should be treated consistently", 
I'm prefer to move do_io_close() and free MIOBuffer from SessionAccept to 
ProtocolProbeTrampoline.
    
    Just return false if ipallow check fails in XXXSessionAccept::accept().
    Then, the NetVC and MIOBuffer will be close&free in ProtocolProbeTrampoline.



Issue Time Tracking
-------------------

    Worklog Id:     (was: 26144)
    Time Spent: 1h 50m  (was: 1h 40m)

> MIOBuffer is not freed if ipallow check fails in HttpSessionAccept::accept()
> ----------------------------------------------------------------------------
>
>                 Key: TS-4697
>                 URL: https://issues.apache.org/jira/browse/TS-4697
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: HTTP, Network
>            Reporter: Oknet Xu
>            Assignee: Oknet Xu
>             Fix For: 7.0.0
>
>          Time Spent: 1h 50m
>  Remaining Estimate: 0h
>
> {code}
> void
> HttpSessionAccept::accept(NetVConnection *netvc, MIOBuffer *iobuf, 
> IOBufferReader *reader)
> {
>   sockaddr const *client_ip = netvc->get_remote_addr();
>   const AclRecord *acl_record = NULL;
>   ip_port_text_buffer ipb;
>   IpAllow::scoped_config ipallow;
>   // The backdoor port is now only bound to "localhost", so no
>   // reason to check for if it's incoming from "localhost" or not.
>   if (backdoor) {
>     acl_record = IpAllow::AllMethodAcl();
>   } else if (ipallow && (((acl_record = ipallow->match(client_ip)) == NULL) 
> || (acl_record->isEmpty()))) {
>     ////////////////////////////////////////////////////
>     // if client address forbidden, close immediately //
>     ////////////////////////////////////////////////////
>     Warning("client '%s' prohibited by ip-allow policy", 
> ats_ip_ntop(client_ip, ipb, sizeof(ipb)));
>     netvc->do_io_close();
>     return;   // ----------------->  MIOBuffer did not free.
>   }
> ...
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)

Reply via email to