[oe] [PATCH] squid: CVE-2016-4555

akuster808 akuster808 at gmail.com
Thu Jul 14 14:28:54 UTC 2016 

ping

On 05/31/2016 12:50 AM, Catalin Enache wrote:
> client_side_request.cc in Squid 3.x before 3.5.18 and 4.x
> before 4.0.10 allows remote servers to cause a denial of
> service (crash) via crafted Edge Side Includes (ESI) responses.
> 
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4555
> 
> Signed-off-by: Catalin Enache <catalin.enache at windriver.com>
> ---
>  .../squid/files/CVE-2016-4555.patch                | 46 ++++++++++++++++++++++
>  .../recipes-daemons/squid/squid_3.5.7.bb           |  1 +
>  2 files changed, 47 insertions(+)
>  create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch
> 
> diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch b/meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch
> new file mode 100644
> index 0000000..eeabbcd
> --- /dev/null
> +++ b/meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch
> @@ -0,0 +1,46 @@
> +From f7aabf74e4f274b107d52cb62dfa2f9899f410ac Mon Sep 17 00:00:00 2001
> +From: Catalin Enache <catalin.enache at windriver.com>
> +Date: Tue, 31 May 2016 09:11:53 +0300
> +Subject: [PATCH] Bug 4455: SegFault from ESIInclude::Start
> +
> +Upstream-Status: Backport
> +CVE: CVE-2016-4555
> +
> +Signed-off-by: Catalin Enache <catalin.enache at windriver.com>
> +---
> + src/client_side_request.cc | 16 +++++++++-------
> + 1 file changed, 9 insertions(+), 7 deletions(-)
> +
> +diff --git a/src/client_side_request.cc b/src/client_side_request.cc
> +index 6a8f921..8b1e147 100644
> +--- a/src/client_side_request.cc
> ++++ b/src/client_side_request.cc
> +@@ -141,16 +141,18 @@ ClientHttpRequest::ClientHttpRequest(ConnStateData * aConn) :
> +     setConn(aConn);
> +     al = new AccessLogEntry;
> +     al->cache.start_time = current_time;
> +-    al->tcpClient = clientConnection = aConn->clientConnection;
> +-    al->cache.port = aConn->port;
> +-    al->cache.caddr = aConn->log_addr;
> ++    if (aConn) {
> ++        al->tcpClient = clientConnection = aConn->clientConnection;
> ++        al->cache.port = aConn->port;
> ++        al->cache.caddr = aConn->log_addr;
> + 
> + #if USE_OPENSSL
> +-    if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
> +-        if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
> +-            al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
> +-    }
> ++        if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
> ++            if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
> ++                al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
> ++        }
> + #endif
> ++    }
> +     dlinkAdd(this, &active, &ClientActiveRequests);
> + #if USE_ADAPTATION
> +     request_satisfaction_mode = false;
> +-- 
> +2.7.4
> +
> diff --git a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
> index 7fe41ee..7e1f62e 100644
> --- a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
> +++ b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
> @@ -31,6 +31,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${P
>             file://volatiles.03_squid \
>             file://CVE-2016-3947.patch \
>             file://CVE-2016-4554.patch \
> +           file://CVE-2016-4555.patch \
>  "
>  
>  LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \
>

More information about the Openembedded-devel mailing list