You are viewing a plain text version of this content. The canonical link for it is here.
Posted to issues@trafficserver.apache.org by "Phil Sorber (JIRA)" <ji...@apache.org> on 2016/11/07 17:39:58 UTC
[jira] [Updated] (TS-4697) MIOBuffer is not freed if ipallow check
fails in HttpSessionAccept::accept()
[ https://issues.apache.org/jira/browse/TS-4697?page=com.atlassian.jira.plugin.system.issuetabpanels:all-tabpanel ]
Phil Sorber updated TS-4697:
----------------------------
Fix Version/s: 6.2.1
> MIOBuffer is not freed if ipallow check fails in HttpSessionAccept::accept()
> ----------------------------------------------------------------------------
>
> Key: TS-4697
> URL: https://issues.apache.org/jira/browse/TS-4697
> Project: Traffic Server
> Issue Type: Bug
> Components: HTTP, Network
> Reporter: Oknet Xu
> Assignee: Oknet Xu
> Fix For: 6.2.1, 7.0.0
>
> Time Spent: 5h
> Remaining Estimate: 0h
>
> {code}
> void
> HttpSessionAccept::accept(NetVConnection *netvc, MIOBuffer *iobuf, IOBufferReader *reader)
> {
> sockaddr const *client_ip = netvc->get_remote_addr();
> const AclRecord *acl_record = NULL;
> ip_port_text_buffer ipb;
> IpAllow::scoped_config ipallow;
> // The backdoor port is now only bound to "localhost", so no
> // reason to check for if it's incoming from "localhost" or not.
> if (backdoor) {
> acl_record = IpAllow::AllMethodAcl();
> } else if (ipallow && (((acl_record = ipallow->match(client_ip)) == NULL) || (acl_record->isEmpty()))) {
> ////////////////////////////////////////////////////
> // if client address forbidden, close immediately //
> ////////////////////////////////////////////////////
> Warning("client '%s' prohibited by ip-allow policy", ats_ip_ntop(client_ip, ipb, sizeof(ipb)));
> netvc->do_io_close();
> return; // -----------------> MIOBuffer did not free.
> }
> ...
> {code}
--
This message was sent by Atlassian JIRA
(v6.3.4#6332)