------------------------------------------------------------
revno: 13447
revision-id: squid3@treenet.co.nz-20140605155723-kmh7gu9huoxjg060
parent: squid3@treenet.co.nz-20140605151319-djoy3o3t1cf4ctnt
committer: Amos Jeffries
branch nick: trunk
timestamp: Thu 2014-06-05 08:57:23 -0700
message: Fix error in rev.13417 "ssl_bump none" mode crashes squid The fake CONNECT request generated to relay non-bumped traffic needs to be pre-pended to any existing data in the ConnStateData::In buffer. Otherwise our new bytes will corrupt any traffic bytes already in there and our intended CONNECT request will never be recognised as we re-parse the buffer.
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20140605155723-kmh7gu9huoxjg060
# target_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/
# testament_sha1: bf354d296c89afb927138c246b338ab94eb76087
# timestamp: 2014-06-05 16:54:23 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/trunk/
# base_revision_id: squid3@treenet.co.nz-20140605151319-\
# djoy3o3t1cf4ctnt
#
# Begin patch
=== modified file 'src/client_side.cc'
--- src/client_side.cc 2014-06-05 14:57:58 +0000
+++ src/client_side.cc 2014-06-05 15:57:23 +0000
@@ -3620,8 +3620,9 @@
 // fake a CONNECT request to force connState to tunnel
 static char ip[MAX_IPSTRLEN];
 connState->clientConnection->local.toUrl(ip, sizeof(ip));
- // XXX need to *pre-pend* this fake request to the TLS bits already in the buffer
- connState->in.buf.append("CONNECT ").append(ip).append(" HTTP/1.1\r\nHost: ").append(ip).append("\r\n\r\n");
+ // Pre-pend this fake request to the TLS bits already in the buffer
+ SBuf retStr("CONNECT ").append(ip).append(" HTTP/1.1\r\nHost: ").append(ip).append("\r\n\r\n");
+ connState->in.buf = retStr.append(connState->in.buf);
 bool ret = connState->handleReadData();
 if (ret)
 ret = connState->clientParseRequests();
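Review bot: The added declaration `SBuf retStr("CONNECT ").append(ip)...;` chains `.append()` directly onto a declarator, which is not valid C++ and should fail to compile. Declare the buffer first and build it in a separate statement: `SBuf retStr;` followed by `retStr.append("CONNECT ").append(ip).append(" HTTP/1.1\r\nHost: ").append(ip).append("\r\n\r\n");`. The next line, `connState->in.buf = retStr.append(connState->in.buf);`, places client-supplied bytes directly behind the synthetic request, so it deserves a comment such as `// bytes after the fake CONNECT are client TLS data and must reach the tunnel unparsed`. Presumably `clientParseRequests()` stops after the CONNECT, but that is not visible here, because the enclosing function starts and ends outside the hunk.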