Package: squid3 / 3.4.8-6

32-squid-3.4-13210.patch Patch series | download
From: Luigi Gangitano <luigi@debian.org>
Date: Wed, 28 Jan 2015 12:28:51 +0100
Subject: squid-3.4-13210.patch Fixes excessive NTLM or Negotiate auth helper
 annotations, which lead to excessive CPU and memory use

---
 src/Notes.cc                      | 15 +++++++++++++++
 src/Notes.h                       |  5 +++++
 src/auth/digest/UserRequest.cc    |  2 ++
 src/auth/negotiate/UserRequest.cc |  2 ++
 src/auth/ntlm/UserRequest.cc      |  2 ++
 5 files changed, 26 insertions(+)

diff --git a/src/Notes.cc b/src/Notes.cc
index 0003956..13d530e 100644
--- a/src/Notes.cc
+++ b/src/Notes.cc
@@ -189,6 +189,21 @@ NotePairs::add(const char *key, const char *note)
 }
 
 void
+NotePairs::remove(const char *key)
+{
+    Vector<NotePairs::Entry *>::iterator i = entries.begin();
+    while (i != entries.end()) {
+        if ((*i)->name.cmp(key) == 0) {
+            NotePairs::Entry *e = (*i);
+            entries.prune(e);
+            delete e;
+            i = entries.begin(); // vector changed underneath us
+        } else
+            ++i;
+    }
+}
+
+void
 NotePairs::addStrList(const char *key, const char *values)
 {
     String strValues(values);
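Review bot: In `NotePairs::remove` the scan restarts at `entries.begin()` after every hit, so removing k matching entries from a list of n costs roughly k·n comparisons. That is tolerable for the short lists the auth callers produce, but this patch exists to curb CPU use, so the trade-off deserves a comment, e.g. `// restart: prune() compacts the vector and invalidates i; O(n) per removed entry`. `key` is also handed to `name.cmp(key)` unchecked; whether `String::cmp` tolerates a null pointer is not visible in this hunk, so an `assert(key != NULL);` at the top would make the precondition explicit. `delete e` assumes the vector is the sole owner of each `Entry`, which should be stated as well.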
diff --git a/src/Notes.h b/src/Notes.h
index 47950d4..401c8b9 100644
--- a/src/Notes.h
+++ b/src/Notes.h
@@ -155,6 +155,11 @@ public:
     void add(const char *key, const char *value);
 
     /**
+     * Remove all notes with a given key.
+     */
+    void remove(const char *key);
+
+    /**
      * Adds a note key and values strList to the notes list.
      * If the key name already exists in list, add the new values to its set
      * of values.
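Review bot: The new doc comment on `remove()` does not say that the matched entries are destroyed, which matters to any caller holding an `Entry *` or an iterator into the list. Going by the implementation in Notes.cc (`name.cmp(key) == 0`, then `delete e`), something like `* Remove and destroy all notes whose name equals key. Invalidates iterators and Entry pointers into this list.` would document the contract. Whether the comparison is case-sensitive depends on `String::cmp`, which is not shown here; the comment should say so once confirmed.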
diff --git a/src/auth/digest/UserRequest.cc b/src/auth/digest/UserRequest.cc
index f625bd8..9107d73 100644
--- a/src/auth/digest/UserRequest.cc
+++ b/src/auth/digest/UserRequest.cc
@@ -298,6 +298,8 @@ Auth::Digest::UserRequest::HandleReply(void *data, const HelperReply &reply)
     // add new helper kv-pair notes to the credentials object
     // so that any transaction using those credentials can access them
     auth_user_request->user()->notes.appendNewOnly(&reply.notes);
+    // remove any private credentials detail which got added.
+    auth_user_request->user()->notes.remove("ha1");
 
     static bool oldHelperWarningDone = false;
     switch (reply.result) {
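Review bot: The secret is scrubbed only after `appendNewOnly(&reply.notes)` has already copied it into the per-user notes, and the filter is one hard-coded key per scheme (`"ha1"` here, `"token"` in the negotiate and ntlm `HandleReply` hunks below). Any other sensitive key a helper returns therefore stays in notes that, per the context comment, any transaction using those credentials can read. Filtering the helper reply before it is merged, or keeping a single list of private keys shared by the three schemes, would keep credential material out of the shared object and avoid three call sites drifting apart. The added comment should also say why the key is private, e.g. `// ha1 is password-equivalent for Digest; never expose it via user notes`. The rest of `HandleReply` lies outside this hunk, so it cannot be confirmed from here that later code reads `ha1` from `reply.notes` rather than from the user notes.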
diff --git a/src/auth/negotiate/UserRequest.cc b/src/auth/negotiate/UserRequest.cc
index 086da9f..64cffc9 100644
--- a/src/auth/negotiate/UserRequest.cc
+++ b/src/auth/negotiate/UserRequest.cc
@@ -229,6 +229,8 @@ Auth::Negotiate::UserRequest::HandleReply(void *data, const HelperReply &reply)
     // add new helper kv-pair notes to the credentials object
     // so that any transaction using those credentials can access them
     auth_user_request->user()->notes.appendNewOnly(&reply.notes);
+    // remove any private credentials detail which got added.
+    auth_user_request->user()->notes.remove("token");
 
     Auth::Negotiate::UserRequest *lm_request = dynamic_cast<Auth::Negotiate::UserRequest *>(auth_user_request.getRaw());
     assert(lm_request != NULL);
diff --git a/src/auth/ntlm/UserRequest.cc b/src/auth/ntlm/UserRequest.cc
index 4ce04eb..ebfe895 100644
--- a/src/auth/ntlm/UserRequest.cc
+++ b/src/auth/ntlm/UserRequest.cc
@@ -223,6 +223,8 @@ Auth::Ntlm::UserRequest::HandleReply(void *data, const HelperReply &reply)
     // add new helper kv-pair notes to the credentials object
     // so that any transaction using those credentials can access them
     auth_user_request->user()->notes.appendNewOnly(&reply.notes);
+    // remove any private credentials detail which got added.
+    auth_user_request->user()->notes.remove("token");
 
     Auth::Ntlm::UserRequest *lm_request = dynamic_cast<Auth::Ntlm::UserRequest *>(auth_user_request.getRaw());
     assert(lm_request != NULL);