Bug 4437 - Squid Segfault on Certain Handshake Errors
Summary: Squid Segfault on Certain Handshake Errors
Status: RESOLVED FIXED
Alias: None
Product: Squid
Classification: Unclassified
Component: other: SSL-Bump (show other bugs)
Version: 3.5
Hardware: All All
: P5 critical
Assignee: Christos Tsantilas
URL:
Depends on:
Blocks:
 
Reported: 2016-02-12 17:50 UTC by Christos Tsantilas
Modified: 2016-02-13 07:22 UTC (History)
0 users

See Also:
Browser: ---
Fixed Versions: 4.0.6, 3.5.14
Needs:


Attachments
fix for the bug (1.86 KB, patch)
2016-02-12 18:05 UTC, Christos Tsantilas
Details

Note You need to log in before you can comment on or make changes to this bug.
Description Christos Tsantilas 2016-02-12 17:50:38 UTC
Squid crashes on certain handshake errors.

Backtrace:
Program received signal SIGSEGV, Segmentation fault.
0x00000000008b6654 in Comm::Connection::getPeer() const ()
(gdb) bt
#0  0x00000000007a5564 in Comm::Connection::getPeer() const ()
#1  0x00000000005ae476 in FwdState::connectedToPeer(Ssl::PeerConnectorAnswer&) ()
#2  0x0000000000708461 in AsyncCall::make() ()
#3  0x000000000070c7c5 in AsyncCallQueue::fireNext() ()
#4  0x000000000070cc10 in AsyncCallQueue::fire() ()
#5  0x0000000000596251 in EventLoop::runOnce() ()
#6  0x0000000000596440 in EventLoop::run() ()
#7  0x00000000005f9c53 in SquidMain(int, char**) ()
#8  0x00000000004f3f2d in main ()
Comment 1 Christos Tsantilas 2016-02-12 18:05:44 UTC
Created attachment 3284 [details]
fix for the bug

Squid after an unsuccessful try to connect to the remote server may
make two concurrent retries to connect to the remote SSL server, calling
twice the FwdState::retryOrBail() method, which may result to unexpected
behaviour.

This patch just closes the connection to the remote SSL server inside
FwdState::connectedToPeer method on error and  instead of calling
the FwdState::retryOrBail method, just allow comm_close handler to retry
the connection if required
Comment 2 Amos Jeffries 2016-02-13 07:22:01 UTC
Thank you. Applied to Squid-4 and 3.5