rpms/squid
7
0
Fork 0
Code Issues Pull Requests Releases Activity
c10s
squid/squid-6.10-memleak-http-reply.patch
Luboš Uhliarik 379115153c Resolves: RHEL-169992 - Setting "http_reply_access" in squid.conf 
causes a memory leak
2026-04-29 20:52:48 +00:00

627 lines
23 KiB
Diff
Raw Permalink Blame History

From 75956c6d8c08fb5c046148a75f53400ca3066901 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= <luhliari@redhat.com>
Date: Wed, 29 Apr 2026 10:38:46 +0200
Subject: [PATCH] Setting "http_reply_access" in squid.conf causes a memory
leak
Backported https://github.com/squid-cache/squid/pull/1764/
---
src/AclRegs.cc | 4 ++--
src/DelayId.cc | 5 +----
src/HttpHeaderTools.cc | 12 ++----------
src/HttpReply.cc | 3 +--
src/Notes.cc | 6 ++----
src/acl/ConnectionsEncrypted.cc | 4 ++--
src/acl/FilledChecklist.cc | 26 ++++++++++++++++++++------
src/acl/FilledChecklist.h | 17 +++++++++++++++--
src/acl/HttpHeaderData.cc | 10 ++++------
src/acl/HttpHeaderData.h | 4 ++--
src/acl/HttpRepHeader.cc | 5 +++--
src/acl/HttpRepHeader.h | 2 +-
src/acl/HttpReqHeader.cc | 5 +++--
src/acl/HttpReqHeader.h | 2 +-
src/acl/HttpStatus.cc | 2 +-
src/acl/ReplyHeaderStrategy.h | 2 +-
src/acl/ReplyMimeType.h | 3 ++-
src/adaptation/AccessCheck.cc | 5 ++---
src/adaptation/icap/Launcher.cc | 3 +--
src/adaptation/icap/icap_log.cc | 5 +----
src/auth/UserRequest.cc | 3 +--
src/client_side.cc | 24 ++++--------------------
src/client_side_reply.cc | 7 ++-----
src/clients/Client.cc | 5 ++---
src/http.cc | 5 ++---
src/http/Stream.cc | 3 +--
src/neighbors.cc | 6 +-----
27 files changed, 80 insertions(+), 98 deletions(-)
diff --git a/src/AclRegs.cc b/src/AclRegs.cc
index 166e3bd..f38fa01 100644
--- a/src/AclRegs.cc
+++ b/src/AclRegs.cc
@@ -130,8 +130,8 @@ Acl::Init()
RegisterMaker("dstdom_regex", [](TypeName name)->ACL* { return new ACLStrategised<char const *>(new ACLRegexData, new ACLDestinationDomainStrategy, name); });
RegisterMaker("dst", [](TypeName)->ACL* { return new ACLDestinationIP; }); // XXX: Add name parameter to ctor
RegisterMaker("hier_code", [](TypeName name)->ACL* { return new ACLStrategised<hier_code>(new ACLHierCodeData, new ACLHierCodeStrategy, name); });
- RegisterMaker("rep_header", [](TypeName name)->ACL* { return new ACLStrategised<HttpHeader*>(new ACLHTTPHeaderData, new ACLHTTPRepHeaderStrategy, name); });
- RegisterMaker("req_header", [](TypeName name)->ACL* { return new ACLStrategised<HttpHeader*>(new ACLHTTPHeaderData, new ACLHTTPReqHeaderStrategy, name); });
+ RegisterMaker("rep_header", [](TypeName name)->ACL* { return new ACLStrategised<const HttpHeader &>(new ACLHTTPHeaderData, new ACLHTTPRepHeaderStrategy, name); });
+ RegisterMaker("req_header", [](TypeName name)->ACL* { return new ACLStrategised<const HttpHeader &>(new ACLHTTPHeaderData, new ACLHTTPReqHeaderStrategy, name); });
RegisterMaker("http_status", [](TypeName name)->ACL* { return new ACLHTTPStatus(name); });
RegisterMaker("maxconn", [](TypeName name)->ACL* { return new ACLMaxConnection(name); });
RegisterMaker("method", [](TypeName name)->ACL* { return new ACLStrategised<HttpRequestMethod>(new ACLMethodData, new ACLMethodStrategy, name); });
diff --git a/src/DelayId.cc b/src/DelayId.cc
index 0e86d3d..319451a 100644
--- a/src/DelayId.cc
+++ b/src/DelayId.cc
@@ -87,10 +87,7 @@ DelayId::DelayClient(ClientHttpRequest * http, HttpReply *reply)
ACLFilledChecklist ch(DelayPools::delay_data[pool].access, r, nullptr);
clientAclChecklistFill(ch, http);
- if (!ch.reply && reply) {
- ch.reply = reply;
- HTTPMSGLOCK(reply);
- }
+ ch.updateReply(reply);
// overwrite ACLFilledChecklist acl_uses_indirect_client-based decision
#if FOLLOW_X_FORWARDED_FOR
if (Config.onoff.delay_pool_uses_indirect_client)
diff --git a/src/HttpHeaderTools.cc b/src/HttpHeaderTools.cc
index 938f928..b19f6d5 100644
--- a/src/HttpHeaderTools.cc
+++ b/src/HttpHeaderTools.cc
@@ -289,11 +289,7 @@ httpHdrMangle(HttpHeaderEntry * e, HttpRequest * request, HeaderManglers *hms, c
ACLFilledChecklist checklist(hm->access_list, request, nullptr);
- checklist.al = al;
- if (al && al->reply) {
- checklist.reply = al->reply.getRaw();
- HTTPMSGLOCK(checklist.reply);
- }
+ checklist.updateAle(al);
// XXX: The two "It was denied" clauses below mishandle cases with no
// matching rules, violating the "If no rules within the set have matching
@@ -489,11 +485,7 @@ httpHdrAdd(HttpHeader *heads, HttpRequest *request, const AccessLogEntryPointer
{
ACLFilledChecklist checklist(nullptr, request, nullptr);
- checklist.al = al;
- if (al && al->reply) {
- checklist.reply = al->reply.getRaw();
- HTTPMSGLOCK(checklist.reply);
- }
+ checklist.updateAle(al);
for (HeaderWithAclList::const_iterator hwa = headersAdd.begin(); hwa != headersAdd.end(); ++hwa) {
if (!hwa->aclList || checklist.fastCheck(hwa->aclList).allowed()) {
diff --git a/src/HttpReply.cc b/src/HttpReply.cc
index 47597be..ea62618 100644
--- a/src/HttpReply.cc
+++ b/src/HttpReply.cc
@@ -596,8 +596,7 @@ HttpReply::calcMaxBodySize(HttpRequest& request) const
ACLFilledChecklist ch(nullptr, &request, nullptr);
// XXX: cont-cast becomes irrelevant when checklist is HttpReply::Pointer
- ch.reply = const_cast<HttpReply *>(this);
- HTTPMSGLOCK(ch.reply);
+ ch.updateReply(this);
for (AclSizeLimit *l = Config.ReplyBodySize; l; l = l -> next) {
/* if there is no ACL list or if the ACLs listed match use this size value */
if (!l->aclList || ch.fastCheck(l->aclList).allowed()) {
diff --git a/src/Notes.cc b/src/Notes.cc
index cba2c71..460cad1 100644
--- a/src/Notes.cc
+++ b/src/Notes.cc
@@ -70,11 +70,9 @@ bool
Note::match(HttpRequest *request, HttpReply *reply, const AccessLogEntry::Pointer &al, SBuf &matched)
{
ACLFilledChecklist ch(nullptr, request, nullptr);
- ch.al = al;
- ch.reply = reply;
+ ch.updateAle(al);
+ ch.updateReply(reply);
ch.syncAle(request, nullptr);
- if (reply)
- HTTPMSGLOCK(ch.reply);
for (const auto &v: values) {
assert(v->aclList);
diff --git a/src/acl/ConnectionsEncrypted.cc b/src/acl/ConnectionsEncrypted.cc
index 3ae45df..12b7eae 100644
--- a/src/acl/ConnectionsEncrypted.cc
+++ b/src/acl/ConnectionsEncrypted.cc
@@ -55,8 +55,8 @@ Acl::ConnectionsEncrypted::match(ACLChecklist *checklist)
const bool safeRequest =
!(filled->request->sources & Http::Message::srcUnsafe);
- const bool safeReply = !filled->reply ||
- !(filled->reply->sources & Http::Message::srcUnsafe);
+ const bool safeReply = !filled->hasReply() ||
+ !(filled->reply().sources & Http::Message::srcUnsafe);
return (safeRequest && safeReply) ? 1 : 0;
}
diff --git a/src/acl/FilledChecklist.cc b/src/acl/FilledChecklist.cc
index 2855401..bd4b88b 100644
--- a/src/acl/FilledChecklist.cc
+++ b/src/acl/FilledChecklist.cc
@@ -27,7 +27,6 @@ CBDATA_CLASS_INIT(ACLFilledChecklist);
ACLFilledChecklist::ACLFilledChecklist() :
dst_rdns(nullptr),
request (nullptr),
- reply (nullptr),
#if USE_AUTH
auth_user_request (nullptr),
#endif
@@ -54,8 +53,6 @@ ACLFilledChecklist::~ACLFilledChecklist()
HTTPMSGUNLOCK(request);
- HTTPMSGUNLOCK(reply);
-
cbdataReferenceDone(conn_);
debugs(28, 4, "ACLFilledChecklist destroyed " << this);
@@ -107,9 +104,9 @@ ACLFilledChecklist::verifyAle() const
}
}
- if (reply && !al->reply) {
+ if (hasReply() && !al->reply) {
showDebugWarning("HttpReply object");
- al->reply = reply;
+ al->reply = reply_;
}
#if USE_IDENT
@@ -214,7 +211,6 @@ ACLFilledChecklist::markSourceDomainChecked()
ACLFilledChecklist::ACLFilledChecklist(const acl_access *A, HttpRequest *http_request, const char *ident):
dst_rdns(nullptr),
request(nullptr),
- reply(nullptr),
#if USE_AUTH
auth_user_request(nullptr),
#endif
@@ -268,3 +264,21 @@ ACLFilledChecklist::setIdent(const char *ident)
#endif
}
+void
+ACLFilledChecklist::updateAle(const AccessLogEntry::Pointer &a)
+{
+ if (!a)
+ return;
+
+ al = a; // could have been set already (to a different value)
+ if (!request)
+ setRequest(a->request);
+ updateReply(a->reply);
+}
+
+void
+ACLFilledChecklist::updateReply(const HttpReply::Pointer &r)
+{
+ if (r)
+ reply_ = r; // may already be set, including to r
+}
diff --git a/src/acl/FilledChecklist.h b/src/acl/FilledChecklist.h
index 1c289b5..4c3960e 100644
--- a/src/acl/FilledChecklist.h
+++ b/src/acl/FilledChecklist.h
@@ -14,6 +14,8 @@
#include "acl/forward.h"
#include "base/CbcPointer.h"
#include "error/forward.h"
+#include "HttpReply.h"
+#include "HttpRequest.h"
#include "ip/Address.h"
#if USE_AUTH
#include "auth/UserRequest.h"
@@ -42,6 +44,7 @@ public:
void setRequest(HttpRequest *);
/// configure rfc931 user identity for the first time
void setIdent(const char *userIdentity);
+ void updateAle(const AccessLogEntry::Pointer &);
public:
/// The client connection manager
@@ -57,6 +60,14 @@ public:
//int authenticated();
+ /// response added by updateReply()
+ /// \prec hasReply()
+ const HttpReply &reply() const { return *reply_; }
+
+ /// Remembers the given response (if it is not nil) or does nothing
+ /// (otherwise).
+ void updateReply(const HttpReply::Pointer &);
+
bool destinationDomainChecked() const;
void markDestinationDomainChecked();
bool sourceDomainChecked() const;
@@ -64,7 +75,7 @@ public:
// ACLChecklist API
bool hasRequest() const override { return request != nullptr; }
- bool hasReply() const override { return reply != nullptr; }
+ bool hasReply() const override { return reply_ != nullptr; }
bool hasAle() const override { return al != nullptr; }
void syncAle(HttpRequest *adaptedRequest, const char *logUri) const override;
void verifyAle() const override;
@@ -77,7 +88,6 @@ public:
char *dst_rdns;
HttpRequest *request;
- HttpReply *reply;
char rfc931[USER_IDENT_SZ];
#if USE_AUTH
@@ -108,6 +118,9 @@ public:
private:
ConnStateData * conn_; /**< hack for ident and NTLM */
int fd_; /**< may be available when conn_ is not */
+
+ HttpReply::Pointer reply_; ///< response added by updateReply() or nil
+
bool destinationDomainChecked_;
bool sourceDomainChecked_;
/// not implemented; will cause link failures if used
diff --git a/src/acl/HttpHeaderData.cc b/src/acl/HttpHeaderData.cc
index 2db401e..a88ab93 100644
--- a/src/acl/HttpHeaderData.cc
+++ b/src/acl/HttpHeaderData.cc
@@ -36,20 +36,18 @@ ACLHTTPHeaderData::~ACLHTTPHeaderData()
}
bool
-ACLHTTPHeaderData::match(HttpHeader* hdr)
+ACLHTTPHeaderData::match(const HttpHeader &hdr)
{
- if (hdr == nullptr)
- return false;
debugs(28, 3, "aclHeaderData::match: checking '" << hdrName << "'");
String value;
if (hdrId != Http::HdrType::BAD_HDR) {
- if (!hdr->has(hdrId))
+ if (!hdr.has(hdrId))
return false;
- value = hdr->getStrOrList(hdrId);
+ value = hdr.getStrOrList(hdrId);
} else {
- if (!hdr->hasNamed(hdrName, &value))
+ if (!hdr.hasNamed(hdrName, &value))
return false;
}
diff --git a/src/acl/HttpHeaderData.h b/src/acl/HttpHeaderData.h
index 5036d11..fc103eb 100644
--- a/src/acl/HttpHeaderData.h
+++ b/src/acl/HttpHeaderData.h
@@ -14,14 +14,14 @@
#include "sbuf/SBuf.h"
#include "SquidString.h"
-class ACLHTTPHeaderData : public ACLData<HttpHeader*>
+class ACLHTTPHeaderData: public ACLData<const HttpHeader &>
{
MEMPROXY_CLASS(ACLHTTPHeaderData);
public:
ACLHTTPHeaderData();
~ACLHTTPHeaderData() override;
- bool match(HttpHeader* hdr) override;
+ bool match(const HttpHeader &) override;
SBufList dump() const override;
void parse() override;
bool empty() const override;
diff --git a/src/acl/HttpRepHeader.cc b/src/acl/HttpRepHeader.cc
index 819a0e7..530625d 100644
--- a/src/acl/HttpRepHeader.cc
+++ b/src/acl/HttpRepHeader.cc
@@ -13,8 +13,9 @@
#include "HttpReply.h"
int
-ACLHTTPRepHeaderStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+ACLHTTPRepHeaderStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist * const ch)
{
- return data->match (&checklist->reply->header);
+ const auto checklist = Filled(ch);
+ return data->match(checklist->reply().header);
}
diff --git a/src/acl/HttpRepHeader.h b/src/acl/HttpRepHeader.h
index 3257b55..ede1fe9 100644
--- a/src/acl/HttpRepHeader.h
+++ b/src/acl/HttpRepHeader.h
@@ -14,7 +14,7 @@
#include "HttpHeader.h"
/// \ingroup ACLAPI
-class ACLHTTPRepHeaderStrategy : public ACLStrategy<HttpHeader*>
+class ACLHTTPRepHeaderStrategy : public ACLStrategy<const HttpHeader &>
{
public:
diff --git a/src/acl/HttpReqHeader.cc b/src/acl/HttpReqHeader.cc
index 58911ae..742aff2 100644
--- a/src/acl/HttpReqHeader.cc
+++ b/src/acl/HttpReqHeader.cc
@@ -13,8 +13,9 @@
#include "HttpRequest.h"
int
-ACLHTTPReqHeaderStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist *checklist)
+ACLHTTPReqHeaderStrategy::match (ACLData<MatchType> * &data, ACLFilledChecklist * const ch)
{
- return data->match (&checklist->request->header);
+ const auto checklist = Filled(ch);
+ return data->match (checklist->request->header);
}
diff --git a/src/acl/HttpReqHeader.h b/src/acl/HttpReqHeader.h
index c6cdc74..e43866a 100644
--- a/src/acl/HttpReqHeader.h
+++ b/src/acl/HttpReqHeader.h
@@ -13,7 +13,7 @@
#include "HttpHeader.h"
/// \ingroup ACLAPI
-class ACLHTTPReqHeaderStrategy : public ACLStrategy<HttpHeader*>
+class ACLHTTPReqHeaderStrategy : public ACLStrategy<const HttpHeader &>
{
public:
diff --git a/src/acl/HttpStatus.cc b/src/acl/HttpStatus.cc
index 1cda99e..dbead17 100644
--- a/src/acl/HttpStatus.cc
+++ b/src/acl/HttpStatus.cc
@@ -116,7 +116,7 @@ aclParseHTTPStatusList(Splay<acl_httpstatus_data *> **curlist)
int
ACLHTTPStatus::match(ACLChecklist *checklist)
{
- return aclMatchHTTPStatus(&data, Filled(checklist)->reply->sline.status());
+ return aclMatchHTTPStatus(&data, Filled(checklist)->reply().sline.status());
}
int
diff --git a/src/acl/ReplyHeaderStrategy.h b/src/acl/ReplyHeaderStrategy.h
index 7a246b5..424f0a6 100644
--- a/src/acl/ReplyHeaderStrategy.h
+++ b/src/acl/ReplyHeaderStrategy.h
@@ -28,7 +28,7 @@ template <Http::HdrType header>
int
ACLReplyHeaderStrategy<header>::match (ACLData<char const *> * &data, ACLFilledChecklist *checklist)
{
- char const *theHeader = checklist->reply->header.getStr(header);
+ char const *theHeader = checklist->reply().header.getStr(header);
if (nullptr == theHeader)
return 0;
diff --git a/src/acl/ReplyMimeType.h b/src/acl/ReplyMimeType.h
index 8dcd970..28f3f3d 100644
--- a/src/acl/ReplyMimeType.h
+++ b/src/acl/ReplyMimeType.h
@@ -19,7 +19,8 @@ template <>
inline int
ACLReplyHeaderStrategy<Http::HdrType::CONTENT_TYPE>::match(ACLData<char const *> * &data, ACLFilledChecklist *checklist)
{
- char const *theHeader = checklist->reply->header.getStr(Http::HdrType::CONTENT_TYPE);
+ char const *theHeader = checklist->reply().header.getStr(Http::HdrType::CONTENT_TYPE);
+
if (nullptr == theHeader)
theHeader = "";
diff --git a/src/adaptation/AccessCheck.cc b/src/adaptation/AccessCheck.cc
index 279bdc3..35b2dae 100644
--- a/src/adaptation/AccessCheck.cc
+++ b/src/adaptation/AccessCheck.cc
@@ -131,9 +131,8 @@ Adaptation::AccessCheck::checkCandidates()
/* BUG 2526: what to do when r->acl is empty?? */
// XXX: we do not have access to conn->rfc931 here.
acl_checklist = new ACLFilledChecklist(r->acl, filter.request, dash_str);
- if ((acl_checklist->reply = filter.reply))
- HTTPMSGLOCK(acl_checklist->reply);
- acl_checklist->al = filter.al;
+ acl_checklist->updateAle(filter.al);
+ acl_checklist->updateReply(filter.reply);
acl_checklist->syncAle(filter.request, nullptr);
acl_checklist->nonBlockingCheck(AccessCheckCallbackWrapper, this);
return;
diff --git a/src/adaptation/icap/Launcher.cc b/src/adaptation/icap/Launcher.cc
index eed6978..71b8818 100644
--- a/src/adaptation/icap/Launcher.cc
+++ b/src/adaptation/icap/Launcher.cc
@@ -142,8 +142,7 @@ bool Adaptation::Icap::Launcher::canRepeat(Adaptation::Icap::XactAbortInfo &info
ACLFilledChecklist *cl =
new ACLFilledChecklist(TheConfig.repeat, info.icapRequest, dash_str);
- cl->reply = info.icapReply;
- HTTPMSGLOCK(cl->reply);
+ cl->updateReply(info.icapReply);
bool result = cl->fastCheck().allowed();
delete cl;
diff --git a/src/adaptation/icap/icap_log.cc b/src/adaptation/icap/icap_log.cc
index 44522f3..fdfba8d 100644
--- a/src/adaptation/icap/icap_log.cc
+++ b/src/adaptation/icap/icap_log.cc
@@ -61,10 +61,7 @@ void icapLogLog(AccessLogEntry::Pointer &al)
{
if (IcapLogfileStatus == LOG_ENABLE) {
ACLFilledChecklist checklist(nullptr, al->adapted_request, nullptr);
- if (al->reply) {
- checklist.reply = al->reply.getRaw();
- HTTPMSGLOCK(checklist.reply);
- }
+ checklist.updateAle(al);
accessLogLogTo(Config.Log.icaplogs, al, &checklist);
}
}
diff --git a/src/auth/UserRequest.cc b/src/auth/UserRequest.cc
index 3b91676..57a29c5 100644
--- a/src/auth/UserRequest.cc
+++ b/src/auth/UserRequest.cc
@@ -466,8 +466,7 @@ schemesConfig(HttpRequest *request, HttpReply *rep)
{
if (!Auth::TheConfig.schemeLists.empty() && Auth::TheConfig.schemeAccess) {
ACLFilledChecklist ch(nullptr, request, nullptr);
- ch.reply = rep;
- HTTPMSGLOCK(ch.reply);
+ ch.updateReply(rep);
const auto answer = ch.fastCheck(Auth::TheConfig.schemeAccess);
if (answer.allowed())
return Auth::TheConfig.schemeLists.at(answer.kind).authConfigs;
diff --git a/src/client_side.cc b/src/client_side.cc
index b266a3f..f08cb04 100644
--- a/src/client_side.cc
+++ b/src/client_side.cc
@@ -446,31 +446,19 @@ ClientHttpRequest::logRequest()
}
// The al->notes and request->notes must point to the same object.
al->syncNotes(request);
- }
-
- ACLFilledChecklist checklist(nullptr, request, nullptr);
- if (al->reply) {
- checklist.reply = al->reply.getRaw();
- HTTPMSGLOCK(checklist.reply);
- }
-
- if (request) {
HTTPMSGUNLOCK(al->adapted_request);
al->adapted_request = request;
HTTPMSGLOCK(al->adapted_request);
}
+ ACLFilledChecklist checklist(nullptr, request, nullptr);
+ checklist.updateAle(al);
// no need checklist.syncAle(): already synced
- checklist.al = al;
accessLogLog(al, &checklist);
bool updatePerformanceCounters = true;
if (Config.accessList.stats_collection) {
ACLFilledChecklist statsCheck(Config.accessList.stats_collection, request, nullptr);
- statsCheck.al = al;
- if (al->reply) {
- statsCheck.reply = al->reply.getRaw();
- HTTPMSGLOCK(statsCheck.reply);
- }
+ statsCheck.updateAle(al);
updatePerformanceCounters = statsCheck.fastCheck().allowed();
}
@@ -3523,12 +3511,8 @@ clientAclChecklistFill(ACLFilledChecklist &checklist, ClientHttpRequest *http)
checklist.setRequest(http->request);
if (!checklist.al && http->al) {
- checklist.al = http->al;
+ checklist.updateAle(http->al);
checklist.syncAle(http->request, http->log_uri);
- if (!checklist.reply && http->al->reply) {
- checklist.reply = http->al->reply.getRaw();
- HTTPMSGLOCK(checklist.reply);
- }
}
if (const auto conn = http->getConn())
diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc
index e39ab9b..630600b 100644
--- a/src/client_side_reply.cc
+++ b/src/client_side_reply.cc
@@ -840,11 +840,9 @@ clientReplyContext::blockedHit() const
if (http->flags.internal)
return false; // internal content "hits" cannot be blocked
- const auto &rep = http->storeEntry()->mem().freshestReply();
{
std::unique_ptr<ACLFilledChecklist> chl(clientAclChecklistCreate(Config.accessList.sendHit, http));
- chl->reply = const_cast<HttpReply*>(&rep); // ACLChecklist API bug
- HTTPMSGLOCK(chl->reply);
+ chl->updateReply(&http->storeEntry()->mem().freshestReply());
return !chl->fastCheck().allowed(); // when in doubt, block
}
}
@@ -1850,8 +1848,7 @@ clientReplyContext::processReplyAccess ()
/** Process http_reply_access lists */
ACLFilledChecklist *replyChecklist =
clientAclChecklistCreate(Config.accessList.reply, http);
- replyChecklist->reply = reply;
- HTTPMSGLOCK(replyChecklist->reply);
+ replyChecklist->updateReply(reply);
replyChecklist->nonBlockingCheck(ProcessReplyAccessResult, this);
}
diff --git a/src/clients/Client.cc b/src/clients/Client.cc
index 7de6274..d799972 100644
--- a/src/clients/Client.cc
+++ b/src/clients/Client.cc
@@ -555,9 +555,8 @@ Client::blockCaching()
// This relatively expensive check is not in StoreEntry::checkCachable:
// That method lacks HttpRequest and may be called too many times.
ACLFilledChecklist ch(acl, originalRequest().getRaw());
- ch.reply = const_cast<HttpReply*>(&entry->mem().freshestReply()); // ACLFilledChecklist API bug
- HTTPMSGLOCK(ch.reply);
- ch.al = fwd->al;
+ ch.updateAle(fwd->al);
+ ch.updateReply(&entry->mem().freshestReply());
if (!ch.fastCheck().allowed()) { // when in doubt, block
debugs(20, 3, "store_miss prohibits caching");
return true;
diff --git a/src/http.cc b/src/http.cc
index e3f9b4c..71e65b4 100644
--- a/src/http.cc
+++ b/src/http.cc
@@ -773,10 +773,9 @@ HttpStateData::handle1xx(HttpReply *reply)
// check whether the 1xx response forwarding is allowed by squid.conf
if (Config.accessList.reply) {
ACLFilledChecklist ch(Config.accessList.reply, originalRequest().getRaw());
- ch.al = fwd->al;
- ch.reply = reply;
+ ch.updateAle(fwd->al);
+ ch.updateReply(reply);
ch.syncAle(originalRequest().getRaw(), nullptr);
- HTTPMSGLOCK(ch.reply);
if (!ch.fastCheck().allowed()) // TODO: support slow lookups?
return drop1xx("http_reply_access blocked it");
}
diff --git a/src/http/Stream.cc b/src/http/Stream.cc
index 542c293..c3a1508 100644
--- a/src/http/Stream.cc
+++ b/src/http/Stream.cc
@@ -294,8 +294,7 @@ Http::Stream::sendStartOfMessage(HttpReply *rep, StoreIOBuffer bodyData)
for (const auto &pool: MessageDelayPools::Instance()->pools) {
if (pool->access) {
std::unique_ptr<ACLFilledChecklist> chl(clientAclChecklistCreate(pool->access, http));
- chl->reply = rep;
- HTTPMSGLOCK(chl->reply);
+ chl->updateReply(rep);
const auto answer = chl->fastCheck();
if (answer.allowed()) {
writeQuotaHandler = pool->createBucket();
diff --git a/src/neighbors.cc b/src/neighbors.cc
index 628b801..d19e398 100644
--- a/src/neighbors.cc
+++ b/src/neighbors.cc
@@ -170,11 +170,7 @@ peerAllowedToUse(const CachePeer * p, PeerSelector * ps)
return true;
ACLFilledChecklist checklist(p->access, request, nullptr);
- checklist.al = ps->al;
- if (ps->al && ps->al->reply) {
- checklist.reply = ps->al->reply.getRaw();
- HTTPMSGLOCK(checklist.reply);
- }
+ checklist.updateAle(ps->al);
checklist.syncAle(request, nullptr);
return checklist.fastCheck().allowed();
}
--
2.44.0
Reference in New Issue View Git Blame Copy Permalink