[TS-4697] MIOBuffer is not freed if ipallow check fails in HttpSessionAccept::accept() - ASF JIRA

XML

Word

Printable

JSON

Details

Type: Bug
Status: Closed
Priority: Major
Resolution: Fixed
Affects Version/s: None
Fix Version/s: 6.2.1, 7.0.0
Component/s: HTTP, Network
Labels:
None

Description

void
HttpSessionAccept::accept(NetVConnection *netvc, MIOBuffer *iobuf, IOBufferReader *reader)
{
  sockaddr const *client_ip = netvc->get_remote_addr();
  const AclRecord *acl_record = NULL;
  ip_port_text_buffer ipb;
  IpAllow::scoped_config ipallow;

  // The backdoor port is now only bound to "localhost", so no
  // reason to check for if it's incoming from "localhost" or not.
  if (backdoor) {
    acl_record = IpAllow::AllMethodAcl();
  } else if (ipallow && (((acl_record = ipallow->match(client_ip)) == NULL) || (acl_record->isEmpty()))) {
    ////////////////////////////////////////////////////
    // if client address forbidden, close immediately //
    ////////////////////////////////////////////////////
    Warning("client '%s' prohibited by ip-allow policy", ats_ip_ntop(client_ip, ipb, sizeof(ipb)));
    netvc->do_io_close();

    return;   // ----------------->  MIOBuffer did not free.
  }
...

Attachments

Issue Links

links to

GitHub Pull Request #823

GitHub Pull Request #1200

Activity

People

Assignee:: Chao Xu

Reporter:: Chao Xu

Votes:: 0 Vote for this issue

Watchers:: 3 Start watching this issue

Dates

Created:: 23/Jul/16 10:08

Updated:: 07/Nov/16 23:27

Resolved:: 18/Aug/16 22:28

Time Tracking

Estimated:

Not Specified

Remaining:

Logged: