Bug 489956

Summary: URLs longer than 2048 chars cause SEGV on 64bit
Product: Red Hat Enterprise Linux 3
Reporter: Martin Poole <mpoole>
Component: squid
Assignee: Jiri Skala <jskala>
Status: CLOSED NEXTRELEASE
Severity: high
Priority: high
Version: 3.9
CC: aglotov, ovasik, tao
Hardware: x86_64
OS: Linux
Doc Type: Bug Fix
Last Closed: 2010-05-13 10:30:08 UTC
Attachments:
- perl reproducer (flags: none)
- squid cache.log with debugging enabled. (flags: none)
- This patch fixes the issue for me (flags: none)

Description Martin Poole 2009-03-12 17:04:01 UTC
Description of problem:

Long URLs (more than 2048 characters) cause squid to SEGV. The code contains specific length limits for URLs, but this is a compile-time limit and defaults to 4096 chars.  The problem does not occur on 32bit with the same pkg version.

Version-Release number of selected component (if applicable):

squid-2.5.STABLE3-9.3E-x86_64 

How reproducible:

Simple.

Steps to Reproduce:
1. Install squid & httpd on 64bit rhel3
2. run attached reproducer script.
  
Actual results:

Problem 500 EOF instead of response status line at length 1 + 2021 + 27

Expected results:

no output.

Additional info:

Comment 1 Martin Poole 2009-03-12 17:04:48 UTC
Created attachment 334969 [details]
perl reproducer

Comment 2 Martin Poole 2009-03-12 17:06:15 UTC
Created attachment 334971 [details]
squid cache.log with debugging enabled.

Comment 3 Martin Poole 2009-03-12 17:18:22 UTC
Additional notes.

This does not occur with RHEL4 & RHEL5 versions.

Core dumps do not give a usable backtrace.

# gdb /usr/sbin/squid core.28659
     GNU gdb Red Hat Linux (6.3.0.0-1.138.el3rh)
     Copyright 2004 Free Software Foundation, Inc.
     GDB is free software, covered by the GNU General Public License, and you are
     welcome to change it and/or distribute copies of it under certain conditions.
     Type "show copying" to see the conditions.
     There is absolutely no warranty for GDB.  Type "show warranty" for details.
     This GDB was configured as "x86_64-redhat-linux-gnu"...(no debugging symbols found)
     Using host libthread_db library "/lib64/tls/libthread_db.so.1".
     (no debugging symbols found)
     
     Core was generated by `(squid) -D'.
     Program terminated with signal 6, Aborted.
     #0  0x0000002a96491745 in ?? ()
     (gdb) where
     #0  0x0000002a96491745 in ?? ()
     #1  0x0000002a96492eb3 in ?? ()
     #2  0x0000000000000020 in ?? ()
     #3  0x0000000000000000 in ?? ()
     (gdb) info reg
     rax            0x0      0
     rbx            0x0      0
     rcx            0xffffffffffffffff       -1
     rdx            0x6      6
     rsi            0x6ff3   28659
     rdi            0x6ff3   28659
     rbp            0x7fbfff8ca0     0x7fbfff8ca0
     rsp            0x7fbfff8b58     0x7fbfff8b58
     r8             0x6ff3   28659
     r9             0x6      6
     r10            0x8      8
     r11            0x206    518
     r12            0x1      1
     r13            0x7fbfff9780     548682045312
     r14            0x7fbfff9930     548682045744
     r15            0x7fbfff92c8     548682044104
     rip            0x2a96491745     0x2a96491745
     eflags         0x206    518
     cs             0x33     51
     ss             0x2b     43
     ds             0x0      0
     es             0x0      0
     fs             0x0      0
     gs             0x0      0
     (gdb)

Comment 6 Jiri Skala 2010-05-05 14:32:43 UTC
Created attachment 411632 [details]
This patch fixes the issue for me

Comment 11 Ondrej Vasik 2010-05-13 10:38:24 UTC
As this patch code is used in the RHEL-4 version of squid (in fact ifdefed for the case that va_copy() is not supported on the system), closed as NEXTRELEASE. The patch seems to be simple and safe, but RHEL-3 is really close to EOL. Updating to RHEL-4 or later is recommended if you want to have this issue fixed.
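Illustration of the bug class the fix addresses, added here; it is not the attached patch and not squid's own code. Comment 11 says the fix is guarded on whether va_copy() exists, which points at the classic grow-and-retry vsnprintf pattern: the first vsnprintf consumes the va_list, and reusing it for the retry is undefined behaviour. On i386 that usually survives because va_list is a plain pointer copied by value; on x86_64 va_list is an array type passed by reference, so the retry reads past the real arguments, which matches the 64-bit-only crash once the request line outgrows the initial buffer. The 64-byte initial size, the function names and the exact tie to the 2048-byte threshold are assumptions for this example, not facts from the report.

```c
#include <stdarg.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Deliberately small first buffer so that a long URL forces the
   grow-and-retry path (64 is an assumption for illustration; the
   report's threshold of ~2048 bytes reflects squid's own sizing). */
#define INITIAL_SIZE 64

/* Format into a heap buffer, growing it when the first attempt was
   truncated.  The crucial point: every vsnprintf call gets its own
   va_copy of `ap`.  Passing `ap` itself a second time, after the first
   call consumed it, is the undefined behaviour that crashes on x86_64. */
char *format_alloc_v(const char *fmt, va_list ap)
{
    size_t size = INITIAL_SIZE;
    char *buf = malloc(size);
    if (buf == NULL)
        return NULL;

    for (;;) {
        va_list ap_copy;
        va_copy(ap_copy, ap);              /* fresh copy for this attempt */
        int n = vsnprintf(buf, size, fmt, ap_copy);
        va_end(ap_copy);

        if (n < 0) {                       /* encoding error: give up */
            free(buf);
            return NULL;
        }
        if ((size_t)n < size)              /* fit, including the NUL */
            return buf;

        /* Truncated: n is the length needed (without NUL). Grow, retry. */
        size = (size_t)n + 1;
        char *bigger = realloc(buf, size);
        if (bigger == NULL) {
            free(buf);
            return NULL;
        }
        buf = bigger;
    }
}

/* Variadic front end, the shape of a typical xprintf-style helper. */
char *format_alloc(const char *fmt, ...)
{
    va_list ap;
    va_start(ap, fmt);
    char *s = format_alloc_v(fmt, ap);
    va_end(ap);
    return s;
}

/* Build a request line carrying a URL path of `url_len` bytes, in the
   spirit of the reporter's growing-URL reproducer, and return the
   formatted length (or -1 on allocation failure). */
int request_line_length(size_t url_len)
{
    char *url = malloc(url_len + 1);
    if (url == NULL)
        return -1;
    memset(url, 'a', url_len);
    url[url_len] = '\0';

    char *line = format_alloc("GET /%s HTTP/1.0\r\n", url);
    int len = (line != NULL) ? (int)strlen(line) : -1;

    free(line);
    free(url);
    return len;
}

int main(void)
{
    /* 2049 is one past the threshold named in the report; with a 64-byte
       initial buffer the retry path is exercised for any URL this long. */
    int len = request_line_length(2049);
    printf("formatted request line of %d bytes\n", len);
    return (len > 0) ? 0 : 1;
}
```

The retry loop is the part to audit in any vsnprintf wrapper: if the va_list is forwarded directly into more than one call, the code depends on an ABI accident rather than on the C standard, and the failure only shows up when the first attempt is truncated, which is exactly why a long URL rather than a normal one triggers it.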