File 10809.patch of Package squid-beta

---------------------
PatchSet 10809 
Date: 2007/05/18 18:30:41
Author: wessels
Branch: HEAD
Tag: (none) 
Log:
Fixed assertion related to TCP_RESET feature

When 'deny_info TCP_RESET' was used (and triggered), Squid asserted
in connNoteUseOfBuffer().  Because we called comm_reset_close() in
clientReplyContext::sendMoreData(), the ClientHttpRequest was freed
before http->doCallouts() returned.  Thus we were accessing freed
memory and passing a bad value to connNoteUseOfBuffer().

I've moved the comm_reset_close() call from there to
clientProcessRequest().  I don't really like having it in
clientProcessRequest(), but it seems to be the only place that will
work.  At least this way we can avoid destroying the ClientHttpRequest
before clientProcessRequest() reaches 'finish'.

Members: 
	src/client_side.cc:1.754->1.755 
	src/client_side_reply.cc:1.127->1.128 

Index: squid3/src/client_side.cc
===================================================================
RCS file: /cvsroot/squid/squid3/src/client_side.cc,v
retrieving revision 1.754
retrieving revision 1.755
diff -u -r1.754 -r1.755
--- squid3/src/client_side.cc	18 May 2007 06:41:23 -0000	1.754
+++ squid3/src/client_side.cc	18 May 2007 18:30:41 -0000	1.755
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client_side.cc,v 1.754 2007/05/18 06:41:23 amosjeffries Exp $
+ * $Id: client_side.cc,v 1.755 2007/05/18 18:30:41 wessels Exp $
  *
  * DEBUG: section 33    Client-side Routines
  * AUTHOR: Duane Wessels
@@ -2279,10 +2279,23 @@
     http->calloutContext = new ClientRequestContext(http);
 
     http->doCallouts();
-
+    
 finish:
     if (!notedUseOfBuffer)
         connNoteUseOfBuffer(conn.getRaw(), http->req_sz);
+
+    /*
+     * DPW 2007-05-18
+     * Moved the TCP_RESET feature from clientReplyContext::sendMoreData
+     * to here because calling comm_reset_close() causes http to
+     * be freed and the above connNoteUseOfBuffer() would hit an
+     * assertion, not to mention that we were accessing freed memory.
+     */
+    if (http->request->flags.resetTCP() && conn->fd > -1) {
+	debugs(33, 3, HERE << "Sending TCP RST on FD " << conn->fd);
+	comm_reset_close(conn->fd);
+	return;
+    }
 }
 
 static void
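Review bot: The new check placed after the `finish:` label dereferences `http->request` on every path that reaches the label, not only the one that falls through from `http->doCallouts()`. If any jump to `finish:` can arrive before a request is attached to `http`, `http->request->flags.resetTCP()` is a null dereference, so either guard it with `http->request != NULL &&` or confirm that no such path exists. The block also still relies on `http` being alive after `doCallouts()` returns; the comment explains why the call was moved but should state that invariant explicitly, since it is what the fix depends on. Minor: the `return;` is redundant as the last statement before the closing brace, the three lines inside the `if` are tab-indented while the surrounding code uses spaces, and the `+    ` line that replaces the blank line adds trailing whitespace.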
Index: squid3/src/client_side_reply.cc
===================================================================
RCS file: /cvsroot/squid/squid3/src/client_side_reply.cc,v
retrieving revision 1.127
retrieving revision 1.128
diff -u -r1.127 -r1.128
--- squid3/src/client_side_reply.cc	18 May 2007 06:41:23 -0000	1.127
+++ squid3/src/client_side_reply.cc	18 May 2007 18:30:41 -0000	1.128
@@ -1,6 +1,6 @@
 
 /*
- * $Id: client_side_reply.cc,v 1.127 2007/05/18 06:41:23 amosjeffries Exp $
+ * $Id: client_side_reply.cc,v 1.128 2007/05/18 18:30:41 wessels Exp $
  *
  * DEBUG: section 88    Client-side Reply Routines
  * AUTHOR: Robert Collins (Originally Duane Wessels in client_side.c)
@@ -1922,15 +1922,6 @@
     /* update size of the request */
     reqsize = reqofs;
 
-    if (http->request->flags.resetTCP()) {
-        /* yuck. FIXME: move to client_side.c */
-
-        if (fd != -1)
-            comm_reset_close(fd);
-
-        return;
-    }
-
     if (errorInStream(result, reqofs)) {
         sendStreamError(result);
         return;
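Review bot: Requests flagged `resetTCP()` now fall through to `errorInStream(result, reqofs)` and the rest of the reply path at the point where the removed block used to `return`. If `sendMoreData()` can run before the new check in clientProcessRequest() calls `comm_reset_close()`, reply data may be handed to the client ahead of the RST, which changes the behaviour of 'deny_info TCP_RESET'. Consider keeping an early `return` here for flagged requests (without the `comm_reset_close(fd)` call), or note in the commit message why falling through is safe. Also note that the removed test was `fd != -1` while the replacement in client_side.cc uses `conn->fd > -1`; pick one form for consistency.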