[squid-dev] [PATCH] Do not hide important/critical messages

Alex Rousskov rousskov at measurement-factory.com
Mon Mar 28 23:44:42 UTC 2016


    While working on Squid bug 4465 (Header forgery detection leads to
crash), I noticed that Squid may hide important/critical debugs()
messages from the admin if those messages are assembled using code that
also uses debugs(). For example, unpatched Squid console only says:

  2016/03/27 14:19:48.297| SECURITY ALERT: By user agent:
  2016/03/27 14:19:48.297| SECURITY ALERT: on URL: dut70.test:443

A patched Squid produces the expected three console lines:

  2016/03/27 15:25:42| SECURITY ALERT: Host header forgery detected...
  2016/03/27 15:25:42| SECURITY ALERT: By user agent:
  2016/03/27 15:25:42| SECURITY ALERT: on URL: dut70.test:443

The underlying debugs() bug leads to several rather confusing problems.
For example, the unpatched output quoted above has millisecond
timestamps that are not supposed to be there; the hidden lines may
actually be logged into cache.log (but not on the console/stderr or
system log). It took several patch rewrites and many tests to better
understand these side effects (which explains, in part, why the patch
has more cleanup pieces than are strictly necessary to fix the bug in
the subject line).

The attached v3.5 patch fixes the underlying bug and has several
positive side-effects such as faster debugs() performance, no clobbered
messages, and cleaner code. Please see patch preamble for a complete
list of known side effects.

If this v3.5 patch is accepted in principle, I hope somebody volunteers
a trunk port (which should not be difficult).

Thank you,

P.S. This patch is not intended to fix Squid bug 4465.
-------------- next part --------------
A non-text attachment was scrubbed...
Name: reentrant-debug-hides-t6.patch
Type: text/x-diff
Size: 36807 bytes
Desc: not available
URL: <http://lists.squid-cache.org/pipermail/squid-dev/attachments/20160328/9da106cc/attachment-0001.patch>

More information about the squid-dev mailing list