[oe-commits] [meta-openembedded] 17/19: squid: CVE-2016-10003

git at git.openembedded.org git at git.openembedded.org
Fri Nov 17 01:52:18 UTC 2017


This is an automated email from the git hooks/post-receive script.

armin_kuster pushed a commit to branch akuster/morty-next
in repository meta-openembedded.

commit 6d03884d6260f25e5359645ca589ae2e403991ff
Author: Thiruvadi Rajaraman <trajaraman at mvista.com>
AuthorDate: Wed May 31 13:53:15 2017 +0530

    squid: CVE-2016-10003
    
    Source: http://www.squid-cache.org/
    MR: 70144
    Type: Security Fix
    Disposition: Backport from http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_10_a.patch
    ChangeID: f713fe5b0b38ba5402a9c0947289ee9a0ea5bcbe
    Description:
    
      Do not share private responses with collapsed client(s).
    
      This excessive sharing problem with collapsed forwarding code has
      several layers. In most cases, the core CF code does not share
      uncachable or private response with collapsed clients because of the
      refreshCheckHTTP() check. However, some responses might not be subject
      to that (or equivalent) check. More importantly, collapsed revalidation
      code does not check its responses at all and, hence, easily shares
      private responses.
    
      This short-term fix incorrectly assumes that an entry may become private
      (KEY_PRIVATE) only when it cannot be shared among multiple clients
      (e.g., because of a Cache-Control:private response header). However,
      there are a few other cases when an entry becomes private. One of them
      is a DISK_NO_SPACE_LEFT error inside storeSwapOutFileClosed() where
      StoreEntry::releaseRequest() sets KEY_PRIVATE for a sharable entry [that
      may still be perfectly preserved in the memory cache]. Consequently, the
      short-term fix reduces CF effectiveness. The extent of this reduction is
      probably environment-dependent.
    
    Author: Eduard Bagdasaryan <eduard.bagdasaryan at measurement-factory.com>
    Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
    Reviewed-by: Armin Kuster <akuster at mvista.com>
    Signed-off-by: Armin Kuster <akuster at mvista.com>
    Signed-off-by: Armin Kuster <akuster808 at gmail.com>
---
 .../squid/files/CVE-2016-10003.patch               | 33 ++++++++++++++++++++++
 .../recipes-daemons/squid/squid_3.5.20.bb          |  1 +
 2 files changed, 34 insertions(+)

diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2016-10003.patch b/meta-networking/recipes-daemons/squid/files/CVE-2016-10003.patch
new file mode 100644
index 0000000..cf94e75
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2016-10003.patch
@@ -0,0 +1,33 @@
+author: Eduard Bagdasaryan <eduard.bagdasaryan at measurement-factory.com>
+committer: Amos Jeffries <squid3 at treenet.co.nz>
+branch nick: trunk
+timestamp: Fri 2016-12-16 15:43:39 +1300
+message:
+
+  Do not share private responses with collapsed client(s).
+
+Upstream-status: Backport
+Signed-off-by: Thiruvadi Rajaraman <trajaraman at mvista.com>
+
+Index: squid-3.5.20/src/client_side_reply.cc
+===================================================================
+--- squid-3.5.20.orig/src/client_side_reply.cc	2016-07-01 17:07:50.000000000 +0530
++++ squid-3.5.20/src/client_side_reply.cc	2017-05-31 13:15:46.541291519 +0530
+@@ -473,6 +482,17 @@
+         return;
+     }
+ 
++ 
++    // The previously identified hit suddenly became unsharable!
++    // This is common for collapsed forwarding slaves but might also
++    // happen to regular hits because we are called asynchronously.
++    if (EBIT_TEST(e->flags, KEY_PRIVATE)) {
++        debugs(88, 3, "unsharable " << *e << ". MISS");
++        http->logType = LOG_TCP_MISS;
++        processMiss();
++        return;
++    }
++
+     if (result.length == 0) {
+         debugs(88, 5, "store IO buffer has no content. MISS");
+         /* the store couldn't get enough data from the file for us to id the
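Review bot: The header of the new CVE-2016-10003.patch says only "Upstream-status: Backport", with no reference to the upstream changeset and no CVE tag. The changeset URL appears only in the commit message, which does not travel with the patch file. Suggest "Upstream-Status: Backport [http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_10_a.patch]" plus a "CVE: CVE-2016-10003" line in the patch header. Separately, the first added line of the embedded client_side_reply.cc hunk ("++ ") contains only a space, so it introduces trailing whitespace and leaves two blank lines in a row before the new comment; it can be dropped. The embedded hunk header "@@ -473,6 +482,17 @@" has old and new start lines that differ although this file carries no earlier hunk for client_side_reply.cc, which suggests it was cut from a larger diff; refreshing the patch against squid-3.5.20 would tidy that up.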
diff --git a/meta-networking/recipes-daemons/squid/squid_3.5.20.bb b/meta-networking/recipes-daemons/squid/squid_3.5.20.bb
index fc7f768..4b806a9 100644
--- a/meta-networking/recipes-daemons/squid/squid_3.5.20.bb
+++ b/meta-networking/recipes-daemons/squid/squid_3.5.20.bb
@@ -21,6 +21,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${P
            file://volatiles.03_squid \
            file://set_sysroot_patch.patch \
            file://squid-don-t-do-squid-conf-tests-at-build-time.patch \
+	   file://CVE-2016-10003.patch \
 "
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \
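Review bot: The added SRC_URI entry for CVE-2016-10003.patch is indented with a tab followed by spaces, while the neighbouring file:// entries in the same assignment use spaces only. Match the existing space indentation so the continuation lines stay aligned regardless of tab width.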

-- 
To stop receiving notification emails like this one, please contact
the administrator of this repository.

