---------------------
PatchSet 10240 
Date: 2007/12/14 06:30:49
Author: adri
Branch: s27_adri
Tag: (none) 
Log:
use a temporary NUL-termed buffer in header matching regex ACL code - the underlying buffer isn't NUL terminated anymore.

This should be repaired down the track but unfortunately POSIX regex doesn't let you pass in the string length
as an option. The PCRE library does though!

Members: 
	ADRIAN_TODO:1.1.2.7->1.1.2.8 
	src/acl.c:1.90.12.1->1.90.12.2 

Index: squid/ADRIAN_TODO
===================================================================
RCS file: /cvsroot/squid-sf//squid/Attic/ADRIAN_TODO,v
retrieving revision 1.1.2.7
retrieving revision 1.1.2.8
diff -u -r1.1.2.7 -r1.1.2.8
--- squid/ADRIAN_TODO	13 Dec 2007 12:19:22 -0000	1.1.2.7
+++ squid/ADRIAN_TODO	14 Dec 2007 06:30:49 -0000	1.1.2.8
@@ -53,3 +53,6 @@
 * Find all the places where using StringMap is possible - lookups for
   whitespace, escaping characters, etc.
 
+* aclMatchHeader() takes a temporary copy of the header string to compare against
+  so it can run regexec() over the NUL-terminated string. This is temporary and
+  really should be readdressed at a later date.
Index: squid/src/acl.c
===================================================================
RCS file: /cvsroot/squid-sf//squid/src/acl.c,v
retrieving revision 1.90.12.1
retrieving revision 1.90.12.2
diff -u -r1.90.12.1 -r1.90.12.2
--- squid/src/acl.c	10 Dec 2007 08:56:50 -0000	1.90.12.1
+++ squid/src/acl.c	14 Dec 2007 06:30:49 -0000	1.90.12.2
@@ -1,6 +1,6 @@
 
 /*
- * $Id: acl.c,v 1.90.12.1 2007/12/10 08:56:50 adri Exp $
+ * $Id: acl.c,v 1.90.12.2 2007/12/14 06:30:49 adri Exp $
  *
  * DEBUG: section 28    Access Control
  * AUTHOR: Duane Wessels
@@ -722,6 +722,7 @@
 aclMatchHeader(acl_hdr_data * hdrs, const HttpHeader * hdr)
 {
     acl_hdr_data *hd;
+    char *s;
     for (hd = hdrs; hd; hd = hd->next) {
 	int ret;
 	String header;
@@ -729,9 +730,12 @@
 	    header = httpHeaderGetStrOrList(hdr, hd->hdr_id);
 	else
 	    header = httpHeaderGetByName(hdr, hd->hdr_name);
-	if (!strBuf(header))
+	if (strIsNull(header))
 	    continue;
-	ret = aclMatchRegex(hd->reglist, strBuf(header));
+        /* XXX take a temporary copy that can be NUL terminated; regexec() requires it! */
+        s = strCDup(header); 
+	ret = aclMatchRegex(hd->reglist, s);
+        xfree(s);
 	stringClean(&header);
 	if (ret)
 	    return 1;