Has anyone had a problem with this version of Squid, we are using Centos4, and this is the latest package of squid. The problem occurs when a host attempts to make a SSL connection that involves a reverse DNS lookup, it will cause squid to crash. I ran squid with the "-d 10" option to find out what happens, and this is the error i get.
How you reproduce this error is, find a SSL enabled website, get the IP address and type into your browser, https://<ipaddress>/ and this will produce the error
(squid): rfc1035.c:417: rfc1035RRUnpack: Assertion `(*off) <= sz' failed.
Squid will then proceed to restart itself.
Has anyone else found this problem?
Regards,
Peter K
Yap, it's been there for a LONG time, and there is bug in RH bugzilla. I've been running a pre update 2 squid for this reason alone for like 6-12 months now (squid-2.5.STABLE6-3.4E.5.i386 works). I'm not sure if it was finally fixed, I think they found the bug and there are some experimental packages that have it fixed, but I haven't had the time to check...
Cheers, MaZe.
Has anyone had a problem with this version of Squid, we are using Centos4, and this is the latest package of squid. The problem occurs when a host attempts to make a SSL connection that involves a reverse DNS lookup, it will cause squid to crash. I ran squid with the "-d 10" option to find out what happens, and this is the error i get.
How you reproduce this error is, find a SSL enabled website, get the IP address and type into your browser, https://<ipaddress>/ and this will produce the error
(squid): rfc1035.c:417: rfc1035RRUnpack: Assertion `(*off) <= sz' failed.
Squid will then proceed to restart itself.
Then you're lucky - mine just crashes and dies (after enough restarts)~...
On 1/12/06, Maciej Żenczykowski maze@cela.pl wrote:
Yap, it's been there for a LONG time, and there is bug in RH bugzilla. I've been running a pre update 2 squid for this reason alone for like 6-12 months now (squid-2.5.STABLE6-3.4E.5.i386 works). I'm not sure if it was finally fixed, I think they found the bug and there are some experimental packages that have it fixed, but I haven't had the time to check...
If you're using the centos testing repository ( http://dev.centos.org/centos/4/CentOS-Testing.repo ) There are updated squid packages there. These packages are 2.5.STABLE11-3, so they're not the newest, but they may fix your problem. You might want to give them a try. Keep in mind that these are testing, and have not made it into centosplus yet so I wouldn't recommend slapping them immediately on a production box with magical hopes.
-- Jim Perrin System Architect - UIT Ft Gordon & US Army Signal Center
Maciej Zenczykowski wrote:
Yap, it's been there for a LONG time, and there is bug in RH bugzilla. I've been running a pre update 2 squid for this reason alone for like 6-12 months now (squid-2.5.STABLE6-3.4E.5.i386 works). I'm not sure if it was finally fixed, I think they found the bug and there are some experimental packages that have it fixed, but I haven't had the time to check...
I assume you mean this bug: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=163052
If you actually read all the comments you'll find links to here: http://people.redhat.com/stransky/squid/ ...and you'll find a release candidate rpm for RHE4U3 (not the experimental package, the "Packages planned for next update"), which says it fixes that bug. Use that one.
Greg
On 1/12/06, Greg Swallow - SkyNet gregswallow@skynetonline.ca wrote:
If you actually read all the comments you'll find links to here: http://people.redhat.com/stransky/squid/ ...and you'll find a release candidate rpm for RHE4U3 (not the experimental package, the "Packages planned for next update"), which says it fixes that bug. Use that one.
Greg
The latest package on that page is squid-2.5.STABLE6-3.4E.11.RC2 when CentOS 4 has squid-2.5.STABLE6-3.4E.11. I don't get how that would help. This is as of Feb 12th 2006. I still have a flaky squid install and I'm pulling my hair out over it.
My problem sounds more like this: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165367
Anyway, both bugs point to that stransky/squid/ page so that's why I ask about the packages age.
From the logs:
Feb 3 15:02:41 squid squid[18661]: Squid Parent: child process 21157 exited due to signal 6 Feb 3 15:02:45 squid squid[18661]: Squid Parent: child process 21417 started Feb 3 15:08:34 squid squid[18661]: Squid Parent: child process 21417 exited due to signal 6 Feb 3 15:08:37 squid squid[18661]: Squid Parent: child process 21556 started Feb 3 15:09:19 squid squid[18661]: Squid Parent: child process 21556 exited due to signal 6 Feb 3 15:09:22 squid squid[18661]: Squid Parent: child process 21634 started Feb 3 15:09:23 squid squid[18661]: Squid Parent: child process 21634 exited due to signal 6 Feb 3 15:09:26 squid squid[18661]: Squid Parent: child process 21692 started Feb 3 15:09:28 squid squid[18661]: Squid Parent: child process 21692 exited due to signal 6 Feb 3 15:09:31 squid squid[18661]: Squid Parent: child process 21740 started Feb 3 15:09:48 squid squid[18661]: Squid Parent: child process 21740 exited due to signal 6 Feb 3 15:09:51 squid squid[18661]: Squid Parent: child process 21818 started Feb 3 15:17:11 squid squid[18661]: Squid Parent: child process 21818 exited due to signal 6 Feb 3 15:17:14 squid squid[18661]: Squid Parent: child process 21971 started Feb 3 15:17:16 squid squid[18661]: Squid Parent: child process 21971 exited due to signal 6 Feb 3 15:17:19 squid squid[18661]: Squid Parent: child process 22029 started Feb 3 15:27:07 squid squid[18661]: Squid Parent: child process 22029 exited due to signal 6 Feb 3 15:27:10 squid squid[18661]: Squid Parent: child process 22207 started Feb 3 15:27:15 squid squid[18661]: Squid Parent: child process 22207 exited due to signal 6 Feb 3 15:27:18 squid squid[18661]: Squid Parent: child process 22275 started Feb 3 15:27:19 squid squid[18661]: Squid Parent: child process 22275 exited due to signal 6 Feb 3 15:27:22 squid squid[18661]: Squid Parent: child process 22323 started Feb 3 15:27:30 squid squid[18661]: Squid Parent: child process 22323 exited due to signal 6 Feb 3 15:27:33 squid squid[18661]: Squid Parent: child process 22401 started Feb 3 15:27:40 squid squid[18661]: Squid Parent: child process 22401 exited due to signal 6 Feb 3 15:27:43 squid squid[18661]: Squid Parent: child process 22469 started Feb 3 15:27:46 squid squid[18661]: Squid Parent: child process 22469 exited due to signal 6 Feb 3 15:27:46 squid squid[18661]: Exiting due to repeated, frequent failures
-- Gabriel Gunderson http://gundy.org
Gabriel Gunderson wrote:
On 1/12/06, Greg Swallow - SkyNet gregswallow@skynetonline.ca wrote:
If you actually read all the comments you'll find links to here: http://people.redhat.com/stransky/squid/ ...and you'll find a release candidate rpm for RHE4U3 (not the
experimental
package, the "Packages planned for next update"), which says it fixes
that
bug. Use that one.
Greg
The latest package on that page is squid-2.5.STABLE6-3.4E.11.RC2 when CentOS 4 has squid-2.5.STABLE6-3.4E.11. I don't get how that would help. This is as of Feb 12th 2006. I still have a flaky squid install and I'm pulling my hair out over it.
.RC2 is newer - check the changelog (I understand your confusion - not the best choice for the name of the rpm, but oh well):
* Mon Oct 17 2005 Martin Stransky stransky@redhat.com 7:2.5.STABLE6-3.4E.11.RC2 - fix for #160704 - Assertion `(*off) <= sz' failed. - fix for #168378 - CVE-2005-2917 Squid malformed NTLM authentication DoS - fix for #153274 - the 64bit LFS issue - fix for #161640 - Request to re-enable IDENT lookups in squid - fix for #162660 - pam authentication fails - fix for #172697 - Squid doesn't handle headers split across packets - fix for #170399 - Squid blocks page served by broken server - fix for #172375 - Error pages should not be replaced by updates - fix for #172392 - One translated Polish language error is missing
* Tue Sep 6 2005 Martin Stransky stransky@redhat.com 7:2.5.STABLE6-3.4E.11 ...
My problem sounds more like this: https://bugzilla.redhat.com/bugzilla/show_bug.cgi?id=165367
That bug should be fixed in .RC2 according to the web page and the bug report - if it's not then provide some feedback on the Redhat bug report - things only get fixed in Centos if they get fixed in Redhat, so don't be shy to report/follow up on bugs there.
Greg
-
Gabriel Gunderson -
Greg Swallow - SkyNet -
Jim Perrin -
Maciej Żenczykowski -
Peter Kitchener