You are viewing a plain text version of this content. The canonical link for it is here.

Posted to issues@trafficserver.apache.org by "ASF GitHub Bot (JIRA)" <ji...@apache.org> on 2016/08/01 10:00:25 UTC

[jira] [Work logged] (TS-4697) MIOBuffer is not freed if ipallow check fails in HttpSessionAccept::accept()

     [ https://issues.apache.org/jira/browse/TS-4697?focusedWorklogId=26117&page=com.atlassian.jira.plugin.system.issuetabpanels:worklog-tabpanel#worklog-26117 ]

ASF GitHub Bot logged work on TS-4697:
--------------------------------------

                Author: ASF GitHub Bot
            Created on: 01/Aug/16 10:00
            Start Date: 01/Aug/16 10:00
    Worklog Time Spent: 10m 
      Work Description: Github user oknet commented on the issue:

    https://github.com/apache/trafficserver/pull/823
  
    @jpeach SessionAccept is a interface to create ClientSession. Its mutex is NULL, it is not safe to release any resource. The caller to SessionAccept is Trampline that mutex is copy from NetVC, it is safe to handle resource release. This is why I'm free MIOBuffer in Trampline.


Issue Time Tracking
-------------------

    Worklog Id:     (was: 26117)
    Time Spent: 1.5h  (was: 1h 20m)

> MIOBuffer is not freed if ipallow check fails in HttpSessionAccept::accept()
> ----------------------------------------------------------------------------
>
>                 Key: TS-4697
>                 URL: https://issues.apache.org/jira/browse/TS-4697
>             Project: Traffic Server
>          Issue Type: Bug
>          Components: HTTP, Network
>            Reporter: Oknet Xu
>            Assignee: Oknet Xu
>             Fix For: 7.0.0
>
>          Time Spent: 1.5h
>  Remaining Estimate: 0h
>
> {code}
> void
> HttpSessionAccept::accept(NetVConnection *netvc, MIOBuffer *iobuf, IOBufferReader *reader)
> {
>   sockaddr const *client_ip = netvc->get_remote_addr();
>   const AclRecord *acl_record = NULL;
>   ip_port_text_buffer ipb;
>   IpAllow::scoped_config ipallow;
>   // The backdoor port is now only bound to "localhost", so no
>   // reason to check for if it's incoming from "localhost" or not.
>   if (backdoor) {
>     acl_record = IpAllow::AllMethodAcl();
>   } else if (ipallow && (((acl_record = ipallow->match(client_ip)) == NULL) || (acl_record->isEmpty()))) {
>     ////////////////////////////////////////////////////
>     // if client address forbidden, close immediately //
>     ////////////////////////////////////////////////////
>     Warning("client '%s' prohibited by ip-allow policy", ats_ip_ntop(client_ip, ipb, sizeof(ipb)));
>     netvc->do_io_close();
>     return;   // ----------------->  MIOBuffer did not free.
>   }
> ...
> {code}



--
This message was sent by Atlassian JIRA
(v6.3.4#6332)