Fwd: Squid ICAP client problems

From: Henrik Nordstrom <hno@dont-contact.us>
Date: Mon, 9 Jun 2003 22:42:45 +0200

---------- Forwarded Message ----------

Subject: FW: Squid ICAP client problems
Date: Mon, 09 Jun 2003 14:35:27 -0400
From: "Rosenbaum, Larry M." <rosenbaumlm@ornl.gov>
To: squid-bugs@squid-cache.org

Could you please forward this to the Squid ICAP developers, or tell
 me whom to contact?

Thanks, Larry

-----Original Message-----
From: Rosenbaum, Larry M.
Sent: Thursday, June 05, 2003 12:57 PM
To: 'geetha.manjunath@hp.com'; 'ralf.horstmann@webwasher.com'
Subject: Squid ICAP client problems

Are you still involved with Squid ICAP client development? I have
 been trying to use the Squid ICAP patch (v1.2.1 with Squid 2.5) to
 do virus scanning and have discovered the following two problems:

1) (icap.c) There is a problem with the way icapRespModReadReply()
 tries to read the ICAP header without reading past the header. The
 current code does a recv() with the MSG_PEEK flag and a read_sz of
 256 bytes, and if the buffer doesn't contain a double CRLF it
 doubles the read_sz and tries again. The problem with this approach
 is that it takes time for the socket to receive more bytes, and
 there is nothing in the loop to ensure that more bytes are read.
 For example,

try #1 read_sz = 256, len = 38
try #2 read_sz = 512, len = 38 (i.e. it reads the same 38 bytes
 again) try #3 read_sz = 1024, len = 38
...
try #n read_sz = max, len = 38

so it is possible to exit the loop after many iterations without
 reading any more bytes than you got on the first try. One possible
 fix would be to turn off MSG_PEEK and read repeatedly until you get
 to the end of the headers, and then pass the extra bytes to the
 function that parses the rest of the message, but I don't know if
 the code structure permits this.

The same issue probably applies to icapReqModReadReply().

2) (cache_cf.c) If you don't have a "icap_class" line in the config
file, squid will crash if you do a "-k reconfigure". This is because
the class structure has an element with a null iter->name. Here is
 one possible fix:

*** cache_cf.c.030603 Mon Jun 2 13:47:54 2003
--- cache_cf.c Tue Jun 3 12:48:16 2003
***************
*** 2291,2297 ****
  {
      icap_service *iter;
      for (iter = Config.icapcfg.service_head; iter; iter =
 iter->next) {
! if (! strcmp(name, iter->name)) {
            return iter;
        }
      }
--- 2291,2297 ----
  {
      icap_service *iter;
      for (iter = Config.icapcfg.service_head; iter; iter =
 iter->next) {
! if ((iter->name) && (!strcmp(name, iter->name))) {
            return iter;
        }
      }
***************
*** 2432,2438 ****
  {
      icap_class *iter;
      for (iter = Config.icapcfg.class_head; iter; iter = iter->next)
 { ! if ((!strcmp(name, iter->name)) && (!iter->hidden)) {
 return iter;
        }
      }
--- 2432,2438 ----
  {
      icap_class *iter;
      for (iter = Config.icapcfg.class_head; iter; iter = iter->next)
 { ! if ((iter->name) && (!strcmp(name, iter->name)) &&
(!iter->hidden)) {
            return iter;
        }
      }

 If you are not the correct people to report these bugs to, please
 pass this along or tell me who to send it to.

Do you know of any virus scanning ICAP servers that work with the
 Squid ICAP client?

Thanks, Larry

-------------------------------------------------------
Received on Mon Jun 09 2003 - 15:41:45 MDT

This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:07 MST