[squid-users] Squid BUG: assurance failed: tok.skip(WellKnownUrlPathPrefix())

Loučanský Lukáš Loucansky.Lukas at kjj.cz
Tue Sep 12 16:23:18 UTC 2023 

Hello Alex - here is the output of squid -v command:

squid -v
Squid Cache: Version 6.3-20230903-ra9c06aa6a
Service Name: squid
no IPV6

This binary uses OpenSSL 1.1.1n  15 Mar 2022. For legal restrictions on distribution see https://www.openssl.org/source/license.html

configure options:  '--build=x86_64-linux-gnu' '--prefix=/usr' '--includedir=/include' '--mandir=/share/man' '--infodir=/share/info' '--sysconfdir=/etc' '--localstatedir=/var' '--libexecdir=/lib/squid5' '--disable-maintainer-mode' '--disable-silent-rules' '--datadir=/usr/share/squid5' '--sysconfdir=/etc/squid5' '--mandir=/usr/share/man' '--enable-build-info=no IPV6' '--enable-inline' '--enable-arp-acl' '--disable-wccp' '--disable-wccp2' '--disable-htcp--disable-arch-native' '--disable-ipv6' '--enable-optimizations' '--enable-storeio=ufs,aufs,diskd,rock' '--enable-removal-policies=lru,heap' '--enable-delay-pools' '--enable-cache-digests' '--enable-icap-client' '--enable-follow-x-forwarded-for' '--enable-auth-basic=DB,fake,getpwnam,LDAP,NCSA,NIS,PAM,POP3,RADIUS,SASL,SMB' '--enable-auth-digest=file,LDAP' '--enable-auth-negotiate=kerberos,wrapper' '--enable-auth-ntlm=fake,SMB_LM' '--enable-external-acl-helpers=file_userip,kerberos_ldap_group,LDAP_group,session,SQL_session,time_quota,unix_group,wbinfo_group' '--enable-url-rewrite-helpers=fake' '--enable-security-cert-validators=fake' '--enable-storeid-rewrite-helpers=file' '--enable-eui' '--enable-esi' '--enable-icmp' '--enable-zph-qos' '--enable-ecap' '--enable-snmp' '--disable-ident-lookups' '--disable-translation' '--with-swapdir=/var/spool/squid5' '--with-logdir=/var/log/squid5' '--with-pidfile=/var/run/squid5.pid' '--with-large-files' '--with-default-user=proxy' '--with-openssl' '--with-filedescriptors=8192' '--enable-ssl-crtd' '--enable-security-cert-generators' '--enable-security-cert-validators' '--enable-linux-netfilter' '--enable-stacktraces' 'PKG_CONFIG_PATH=:/usr/local/lib/pkgconfig:/usr/lib64/pkgconfig:/usr/share/pkgconfig' 'CFLAGS=-g -O2 -m64 -fPIE -fstack-protector-strong -Wformat -Werror=format-security -Wall' 'LDFLAGS=-fPIE -pie -Wl,-z,relro -Wl,-z,now' 'CPPFLAGS=-D_FORTIFY_SOURCE=2' 'CXXFLAGS=-g -O2 -m64 -fPIE -fstack-protector-strong -Wformat -Werror=format-security' 'build_alias=x86_64-linux-gnu'

Please note two things - I was using 5.x branch for some time (ie. squid5 prefix) and lately did upgrade to 6.x as the developers said 5.x is EOL/not maintained, I do not have native ipv6 so I had some tun6to4 tunel to closed broker - so now I do not have ipv6 connectivity. So I decided to set --disable-ipv6 for now.

I have gcc
 gcc -v
Using built-in specs.
COLLECT_GCC=gcc
COLLECT_LTO_WRAPPER=/usr/lib/gcc/x86_64-linux-gnu/8/lto-wrapper
OFFLOAD_TARGET_NAMES=nvptx-none
OFFLOAD_TARGET_DEFAULT=1
Target: x86_64-linux-gnu
Configured with: ../src/configure -v --with-pkgversion='Debian 8.3.0-6' --with-bugurl=file:///usr/share/doc/gcc-8/README.Bugs --enable-languages=c,ada,c++,go,brig,d,fortran,objc,obj-c++ --prefix=/usr --with-gcc-major-version-only --program-suffix=-8 --program-prefix=x86_64-linux-gnu- --enable-shared --enable-linker-build-id --libexecdir=/usr/lib --without-included-gettext --enable-threads=posix --libdir=/usr/lib --enable-nls --enable-bootstrap --enable-clocale=gnu --enable-libstdcxx-debug --enable-libstdcxx-time=yes --with-default-libstdcxx-abi=new --enable-gnu-unique-object --disable-vtable-verify --enable-libmpx --enable-plugin --enable-default-pie --with-system-zlib --with-target-system-zlib --enable-objc-gc=auto --enable-multiarch --disable-werror --with-arch-32=i686 --with-abi=m64 --with-multilib-list=m32,m64,mx32 --enable-multilib --with-tune=generic --enable-offload-targets=nvptx-none --without-cuda-driver --enable-checking=release --build=x86_64-linux-gnu --host=x86_64-linux-gnu --target=x86_64-linux-gnu
Thread model: posix
gcc version 8.3.0 (Debian 8.3.0-6)

with Debian 10 x64

LL


-----Původní zpráva-----
Od: squid-users za uživatele Alex Rousskov
Odesláno: út 12.9.2023 16:48
Komu: squid-users at lists.squid-cache.org
Předmět: Re: [squid-users] Squid BUG: assurance failed: tok.skip(WellKnownUrlPathPrefix())
 
On 2023-09-12 10:21, Loučanský Lukáš wrote:
> today I was going to compile a new version of my beloved squid 
> proxy (v6.3 or 6.3-20230903-ra9c06aa6a)

FWIW, "was going to compile" part does not make it clear (to me) whether 
you did actually compile/test v6.3.


> just to be welcomed by non 
> working older configmgr.cgi and [debian package installed] squidclient 
> (v4.6). After replacing squidclient with (compiled with squid) version 
> 6.3 it's still not working, giving me accesss denied page.
> 
> My cache.log contains these bug info lines:
> 
> 023/09/12 16:07:03 kid3| ERROR: Squid BUG: assurance failed: 
> tok.skip(WellKnownUrlPathPrefix())
>      exception location: cache_manager.cc(193) ParseUrl


If the above output is from Squid v6.3, then you may have found a v6.3 
problem that we do not know about. Please share the HTTP request that 
triggers the above output.

Otherwise, please try to upgrade to Squid v6.3 because its commit 
6695897 is meant to fix a v6.1 bug with the above symptoms.


Thank you,

Alex.


>      current master transaction: master469155
> 2023/09/12 16:07:03 kid3| ERROR: Squid BUG: assurance failed: 
> tok.skip(WellKnownUrlPathPrefix())
>      exception location: cache_manager.cc(193) ParseUrl
>      current master transaction: master469155
> 
> In the file src/cache_manager.cc there is this
> 
> const SBuf &
> CacheManager::WellKnownUrlPathPrefix()
> {
>      static const SBuf prefix("/squid-internal-mgr/");
>      return prefix;
> }
> 
> and on the line 193 is this assure (after tok tokenizer)
> 
>   Parser::Tokenizer tok(uri.path());
> 
>      Assure(tok.skip(WellKnownUrlPathPrefix()));
> 
> Is there something wrong with my config I should change after 6.2 to 6.3 
> upgrade? I have some classic http_access manager allow ... and 
> http_access manager deny lines. No definition what [acl] manager means.
> 
> I have found some mentions here 
> https://github.com/squid-cache/squid/blob/master/ChangeLog and somewhere 
> inside the commit / review git hub section for squid. But nothing says 
> what to do make it work right. Besides this it seems squid as a proxy 
> works fine...
> 
> Thanks
> 
> Lukas
> 
> 
> 
> _______________________________________________
> squid-users mailing list
> squid-users at lists.squid-cache.org
> https://lists.squid-cache.org/listinfo/squid-users

_______________________________________________
squid-users mailing list
squid-users at lists.squid-cache.org
https://lists.squid-cache.org/listinfo/squid-users


-------------- next part --------------
An HTML attachment was scrubbed...
URL: <http://lists.squid-cache.org/pipermail/squid-users/attachments/20230912/da449f18/attachment.htm>

More information about the squid-users mailing list