Nil request dereference in ACLExtUser and SourceDomainCheck ACLs (#1931)

ACLExtUser-based ACLs (i.e. ext_user and ext_user_regex) dereferenced a nil request pointer when they were used in a context without a request (e.g., when honoring on_unsupported_protocol). SourceDomainCheck-based ACLs (i.e. srcdomain and srcdom_regex) have a similar bug, although we do not know whether broken slow ACL code is reachable without a request (e.g., on_unsupported_protocol tests cannot reach that code until that directive starts supporting slow ACLs). This change does not start to require request presence for these two ACLs to avoid breaking any existing configurations that "work" without one.
squid-cache · Jan 20, 2025 · a3ff3cc · a3ff3cc
1 parent 05139d2
commit a3ff3cc
Show file tree

Hide file tree

Showing 2 changed files with 7 additions and 2 deletions.
diff --git a/src/acl/ExtUser.h b/src/acl/ExtUser.h
@@ -27,6 +27,7 @@ class ACLExtUser : public ACL
     char const *typeString() const override;
     void parse() override;
     int match(ACLChecklist *checklist) override;
+    bool requiresRequest() const override { return true; }
     SBufList dump() const override;
     bool empty () const override;
 

diff --git a/src/acl/SourceDomain.cc b/src/acl/SourceDomain.cc
@@ -36,8 +36,12 @@ SourceDomainLookup::LookupDone(const char *, const Dns::LookupDetails &details,
 {
     ACLFilledChecklist *checklist = Filled((ACLChecklist*)data);
     checklist->markSourceDomainChecked();
-    checklist->request->recordLookup(details);
-    checklist->resumeNonBlockingCheck(SourceDomainLookup::Instance());
+    if (checklist->request)
+        checklist->request->recordLookup(details);
+    else
+        debugs(28, 3, "no request to recordLookup()");
+
+    checklist->resumeNonBlockingCheck();
 }
 
 int