Bug#776461: squid3: Excessive CPU consumption (or crash) when contacting servers with many IP addresses

Wed, 28 Jan 2015 01:49:20 -0800 

Package: squid3
Version: 3.4.8-5
Severity: grave
Tags: patch upstream
Justification: renders package unusable

Upstream fixed an issue with server with multiple IP addesses (>10 IPs in 
current Debian package 
version) that can make squid3 crash or consume excessive CPU.

-- System Information:
Debian Release: 8.0
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: amd64 (x86_64)

Kernel: Linux 3.16.0-4-amd64 (SMP w/2 CPU cores)
Locale: LANG=it_IT.UTF-8, LC_CTYPE=it_IT.UTF-8 (charmap=UTF-8)
Shell: /bin/sh linked to /bin/bash
Init: sysvinit (via /sbin/init)

Versions of packages squid3 depends on:
ii  adduser                  3.113+nmu3
ii  libc6                    2.19-13
ii  libcap2                  1:2.24-6
ii  libcomerr2               1.42.12-1
ii  libdb5.3                 5.3.28-9
ii  libecap2                 0.2.0-3
ii  libexpat1                2.1.0-6+b3
ii  libgcc1                  1:4.9.2-10
ii  libgssapi-krb5-2         1.12.1+dfsg-16
ii  libk5crypto3             1.12.1+dfsg-16
ii  libkrb5-3                1.12.1+dfsg-16
ii  libldap-2.4-2            2.4.40-3
ii  libltdl7                 2.4.2-1.11
ii  libnetfilter-conntrack3  1.0.4-1
ii  libnettle4               2.7.1-5
ii  libpam0g                 1.1.8-3.1
ii  libsasl2-2               2.1.26.dfsg1-12
ii  libstdc++6               4.9.2-10
ii  libxml2                  2.9.2+dfsg1-1+b1
ii  logrotate                3.8.7-1+b1
ii  lsb-base                 4.1+Debian13+nmu1
ii  netbase                  5.3
ii  squid3-common            3.4.8-5

squid3 recommends no packages.

Versions of packages squid3 suggests:
pn  resolvconf   <none>
ii  smbclient    2:4.1.13+dfsg-4
pn  squid-cgi    <none>
pn  squid-purge  <none>
pn  squidclient  <none>
pn  ufw          <none>
pn  winbindd     <none>

-- no debconf information

------------------------------------------------------------
revno: 13199
revision-id: squ...@treenet.co.nz-20141218143623-slknpcqeu13kv438
parent: squ...@treenet.co.nz-20141218143539-y7l81k7av5qlkuwv
author: Christos Tsantilas <chtsa...@users.sourceforge.net>
committer: Amos Jeffries <squ...@treenet.co.nz>
branch nick: 3.4
timestamp: Thu 2014-12-18 06:36:23 -0800
message:
  Deleting first fs left psstate->servers pointing to uninitialized memory
  
   ... possibly causing infinite loops in peerAddFwdServer().
  
  TODO: The condition itself is excessive. If fs is not nil, the previous check
  already tells us that the Config.forward_max_tries limit is exceeded.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squ...@treenet.co.nz-20141218143623-slknpcqeu13kv438
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
# testament_sha1: 6856008755c69a187bc5932131c7543c99615dbf
# timestamp: 2014-12-18 14:38:46 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
# base_revision_id: squ...@treenet.co.nz-20141218143539-\
#   y7l81k7av5qlkuwv
# 
# Begin patch
=== modified file 'src/peer_select.cc'
--- src/peer_select.cc  2014-04-23 05:15:49 +0000
+++ src/peer_select.cc  2014-12-18 14:36:23 +0000
@@ -271,11 +271,12 @@
     // due to the allocation method of fs, we must deallocate each manually.
     // TODO: use a std::list so we can get the size and abort adding whenever 
the selection loops reach Config.forward_max_tries
     if (fs && psstate->paths->size() >= (unsigned 
int)Config.forward_max_tries) {
+        assert(fs == psstate->servers);
         while (fs) {
-            FwdServer *next = fs->next;
+            psstate->servers = fs->next;
             cbdataReferenceDone(fs->_peer);
             memFree(fs, MEM_FWD_SERVER);
-            fs = next;
+            fs = psstate->servers;
         }
     }
 


-- 
To UNSUBSCRIBE, email to debian-bugs-dist-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org

Reply via email to