On Thu, 2006-08-24 at 13:27 +0200, Guido Serassio wrote: > Hi Henrik, > > At 12.40 24/08/2006, Guido Serassio wrote: > > >Hi Henrik, > > > >Just found how to crash Squid 2.6 (latest CVS) ... :-( > > > >- Enable authenticated only access > >- Add to ERR_INVALID_REQ error file "User: %a<P>" > >- reload error messages > > > >squidclient -m GETTT http://www.cisco.com > > > >Squid crashes into errorpage.c when evaluating %a because > >err-)request is NULL. > > > >I'm suspecting that the same could happen with ERR_INVALID_URL, see > >client_side.c line 3931. > > ERR_INVALID_URL crash also confirmed. > > This fixes the crash: > > Index: src/errorpage.c > =================================================================== > RCS file: /cvsroot/squid/squid/src/errorpage.c,v > retrieving revision 1.27.2.4 > diff -u -p -r1.27.2.4 errorpage.c > --- src/errorpage.c 5 Jul 2006 16:08:46 -0000 1.27.2.4 > +++ src/errorpage.c 24 Aug 2006 11:25:02 -0000 > @@ -452,8 +452,10 @@ errorConvert(char token, ErrorState * er > memBufReset(&mb); > switch (token) { > case 'a': > - if (r->auth_user_request) > - p = authenticateUserRequestUsername(r->auth_user_request); > + if (r) { > + if (r->auth_user_request) > + p = authenticateUserRequestUsername(r->auth_user_request); > + } > if (!p) > p = "-"; > break; > > It's enough ?
I would do it as 'if (r && r->auth_user_request)' ... Whats strange is that we're seeing error pages with no requests. client_side is setup to create an empty request if there is no fully parsed one for error construction. Rob -- GPG key available at: <http://www.robertcollins.net/keys.txt>.
signature.asc
Description: This is a digitally signed message part
