head	1.2;
access;
symbols
	old_PRE_XORG_7:1.1;
locks; strict;
comment	@# @;


1.2
date	2007.05.25.01.52.13;	author delphij;	state dead;
branches;
next	1.1;

1.1
date	2007.04.26.08.11.29;	author miwi;	state Exp;
branches;
next	;


desc
@@


1.2
log
@ - update to 2.6.STABLE13
 - replace sunsite.auc.dk which is no longer serving Squid distfiles
   (cf fenner's distfile survey) and replace it with ftp.belnet.be.
   The Squid mirror list seems to have vanished (temporarily) during
   their website redesign spree but it used to be listed there as
   an official Belgian mirror.
 - remove files/extra-patch-changeset_11375 which was added in
   2.6.12_1, the fix is present in 2.6.STABLE13.
 - simplify the SQUID_KQUEUE parsing; Squid-2 will automatically enable
   kqueue(2) support and the new OPTIONS parser no longer requires
   .ifndef WITHOUT_* constructs
 - remove IGNORE for the combination of SQUID_SSL and SQUID_ICAP
 - (try to) adapt the ICAP-core patch to the changes in the Squid code base
 - add a +ICAP identifier to the internal Squid version string to help the
   Squid developers in identifying patched up Squid versions (some
   reported bugs were not really Squid but rather ICAP bugs it seems)

Submitted by:	Thomas-Martin Seck (maintainer)
PR:		ports/112751
@
text
@---------------------
PatchSet 11375 
Date: 2007/04/17 09:35:17
Author: hno
Branch: SQUID_2_6
Tag: (none) 
Log:
MFC: Bug #1814: SSL memory leak on persistent SSL connections

Memory leak when attempting to reuse SSL-negotiated outgoing connections.

Mainly affects reverse proxy setups using SSL-enabled peers.

Merged changes:
2007/04/16 23:05:50 hno +8 -6 Bug #1814: SSL memory leak on persistent SSL connections

Members: 
	src/forward.c:1.120.2.2->1.120.2.3 

Note: this patchset was slightly modified for the FreeBSD port
      to make it apply cleanly (one hunk removed, path information stripped)

Index: squid/src/forward.c
===================================================================
RCS file: /cvsroot/squid/squid/src/forward.c,v
retrieving revision 1.120.2.2
retrieving revision 1.120.2.3
diff -u -r1.120.2.2 -r1.120.2.3
--- src/forward.c	26 Mar 2007 23:14:09 -0000	1.120.2.2
+++ src/forward.c	17 Apr 2007 09:35:17 -0000	1.120.2.3
@@@@ -319,6 +319,7 @@@@
     fd_table[fd].ssl = ssl;
     fd_table[fd].read_method = &ssl_read_method;
     fd_table[fd].write_method = &ssl_write_method;
+    fd_note(fd, "Negotiating SSL");
     fwdNegotiateSSL(fd, fwdState);
 }
 #endif
@@@@ -357,10 +358,6 @@@@
 	comm_close(server_fd);
     } else {
 	debug(17, 3) ("fwdConnectDone: FD %d: '%s'\n", server_fd, storeUrl(fwdState->entry));
-	fd_note(server_fd, storeUrl(fwdState->entry));
-	fd_table[server_fd].uses++;
-	if (fd_table[server_fd].uses == 1 && fs->peer)
-	    peerConnectSucceded(fs->peer);
 #if USE_SSL
 	if ((fs->peer && fs->peer->use_ssl) ||
 	    (!fs->peer && request->protocol == PROTO_HTTPS)) {
@@@@ -535,7 +532,7 @@@@
 		hierarchyNote(&fwdState->request->hier, fs->code, fd_table[fd].ipaddr);
 	    else
 		hierarchyNote(&fwdState->request->hier, fs->code, name);
-	    fwdConnectDone(fd, COMM_OK, fwdState);
+	    fwdDispatch(fwdState);
 	    return;
 	} else {
 	    /* Discard the persistent connection to not cause
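Review bot: The switch from `fwdConnectDone(fd, COMM_OK, fwdState)` to `fwdDispatch(fwdState)` for a reused persistent connection carries no comment explaining why the connect-done path must be skipped. Going by the patchset log, re-running that path on an already negotiated descriptor appears to be what leaked SSL state, so a later cleanup could reintroduce the leak. I would add above the call `/* Reused persistent connection: already connected and, if SSL, already negotiated; dispatch directly instead of via fwdConnectDone() */`. fwdDispatch reads `fwdState->server_fd`, so this relies on that field being assigned earlier in the branch, which is outside the hunk and worth confirming. The enclosing function starts and ends outside the hunk.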
@@@@ -653,6 +650,7 @@@@
     StoreEntry *entry = fwdState->entry;
     ErrorState *err;
     int server_fd = fwdState->server_fd;
+    FwdServer *fs = fwdState->servers;
     debug(17, 3) ("fwdDispatch: FD %d: Fetching '%s %s'\n",
 	fwdState->client_fd,
 	RequestMethodStr[request->method],
@@@@ -667,6 +665,10 @@@@
     assert(entry->ping_status != PING_WAITING);
     assert(entry->lock_count);
     EBIT_SET(entry->flags, ENTRY_DISPATCHED);
+    fd_note(server_fd, storeUrl(fwdState->entry));
+    fd_table[server_fd].uses++;
+    if (fd_table[server_fd].uses == 1 && fs->peer)
+	peerConnectSucceded(fs->peer);
     netdbPingSite(request->host);
     entry->mem_obj->refresh_timestamp = squid_curtime;
     if (fwdState->servers && (p = fwdState->servers->peer)) {
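Review bot: `fs->peer` in the added `if (fd_table[server_fd].uses == 1 && fs->peer)` is dereferenced without a NULL check, while the unchanged line a few lines below guards the same pointer with `fwdState->servers && ...`. `fs` is the `fwdState->servers` value captured by the declaration added in the previous hunk (-653,6 +650,7). If the servers list can be empty at this point, the first use of a descriptor would crash the proxy. Either write `if (fd_table[server_fd].uses == 1 && fs && fs->peer)` or drop the later guard if it is provably redundant. Whether `server_fd` is validated before it indexes `fd_table` is not visible, because fwdDispatch's body begins and continues outside these hunks.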
@


1.1
log
@Add a patch for Squid bug #1814, see <http://www.squid-cache.org/bugs/show_bug.cgi?id=1814>.
The patchset is a slightly modified version of the Squid patchset 11375.

Notes:
Since this patch conflicts with the ICAP patchset and only affects
non-default configurations that have been compiled using the
WITH_SQUID_SSL configuration option, apply the patch only when this
option is enabled. Set IGNORE when both WITH_SQUID_SSL and
WITH_SQUID_ICAP are defined.

PR:		112054
Submitted by:	Thomas-Martin Seck <tmseck@@netcologne.de> (maintainer)
@
text
@@

