---------- Forwarded Message ----------
Subject: FW: Squid ICAP client problems
Date: Mon, 09 Jun 2003 14:35:27 -0400
From: "Rosenbaum, Larry M." <rosenbaumlm@ornl.gov>
To: squid-bugs@squid-cache.org
Could you please forward this to the Squid ICAP developers, or tell
me whom to contact?
Thanks, Larry
-----Original Message-----
From: Rosenbaum, Larry M.
Sent: Thursday, June 05, 2003 12:57 PM
To: 'geetha.manjunath@hp.com'; 'ralf.horstmann@webwasher.com'
Subject: Squid ICAP client problems
Are you still involved with Squid ICAP client development? I have
been trying to use the Squid ICAP patch (v1.2.1 with Squid 2.5) to
do virus scanning and have discovered the following two problems:
1) (icap.c) There is a problem with the way icapRespModReadReply()
tries to read the ICAP header without reading past the header. The
current code does a recv() with the MSG_PEEK flag and a read_sz of
256 bytes, and if the buffer doesn't contain a double CRLF it
doubles the read_sz and tries again. The problem with this approach
is that it takes time for the socket to receive more bytes, and
there is nothing in the loop to ensure that more bytes are read.
For example,
try #1 read_sz = 256, len = 38
try #2 read_sz = 512, len = 38 (i.e. it reads the same 38 bytes
again) try #3 read_sz = 1024, len = 38
...
try #n read_sz = max, len = 38
so it is possible to exit the loop after many iterations without
reading any more bytes than you got on the first try. One possible
fix would be to turn off MSG_PEEK and read repeatedly until you get
to the end of the headers, and then pass the extra bytes to the
function that parses the rest of the message, but I don't know if
the code structure permits this.
The same issue probably applies to icapReqModReadReply().
2) (cache_cf.c) If you don't have a "icap_class" line in the config
file, squid will crash if you do a "-k reconfigure". This is because
the class structure has an element with a null iter->name. Here is
one possible fix:
*** cache_cf.c.030603 Mon Jun 2 13:47:54 2003
--- cache_cf.c Tue Jun 3 12:48:16 2003
***************
*** 2291,2297 ****
{
icap_service *iter;
for (iter = Config.icapcfg.service_head; iter; iter =
iter->next) {
! if (! strcmp(name, iter->name)) {
return iter;
}
}
--- 2291,2297 ----
{
icap_service *iter;
for (iter = Config.icapcfg.service_head; iter; iter =
iter->next) {
! if ((iter->name) && (!strcmp(name, iter->name))) {
return iter;
}
}
***************
*** 2432,2438 ****
{
icap_class *iter;
for (iter = Config.icapcfg.class_head; iter; iter = iter->next)
{ ! if ((!strcmp(name, iter->name)) && (!iter->hidden)) {
return iter;
}
}
--- 2432,2438 ----
{
icap_class *iter;
for (iter = Config.icapcfg.class_head; iter; iter = iter->next)
{ ! if ((iter->name) && (!strcmp(name, iter->name)) &&
(!iter->hidden)) {
return iter;
}
}
If you are not the correct people to report these bugs to, please
pass this along or tell me who to send it to.
Do you know of any virus scanning ICAP servers that work with the
Squid ICAP client?
Thanks, Larry
-------------------------------------------------------
Received on Mon Jun 09 2003 - 15:41:45 MDT
This archive was generated by hypermail pre-2.1.9 : Tue Dec 09 2003 - 16:20:07 MST