[oe] [PATCH] squid: CVE-2016-4555
akuster808
akuster808 at gmail.com
Thu Jul 14 14:28:54 UTC 2016
ping
On 05/31/2016 12:50 AM, Catalin Enache wrote:
> client_side_request.cc in Squid 3.x before 3.5.18 and 4.x
> before 4.0.10 allows remote servers to cause a denial of
> service (crash) via crafted Edge Side Includes (ESI) responses.
>
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4555
>
> Signed-off-by: Catalin Enache <catalin.enache at windriver.com>
> ---
> .../squid/files/CVE-2016-4555.patch | 46 ++++++++++++++++++++++
> .../recipes-daemons/squid/squid_3.5.7.bb | 1 +
> 2 files changed, 47 insertions(+)
> create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch
>
> diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch b/meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch
> new file mode 100644
> index 0000000..eeabbcd
> --- /dev/null
> +++ b/meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch
> @@ -0,0 +1,46 @@
> +From f7aabf74e4f274b107d52cb62dfa2f9899f410ac Mon Sep 17 00:00:00 2001
> +From: Catalin Enache <catalin.enache at windriver.com>
> +Date: Tue, 31 May 2016 09:11:53 +0300
> +Subject: [PATCH] Bug 4455: SegFault from ESIInclude::Start
> +
> +Upstream-Status: Backport
> +CVE: CVE-2016-4555
> +
> +Signed-off-by: Catalin Enache <catalin.enache at windriver.com>
> +---
> + src/client_side_request.cc | 16 +++++++++-------
> + 1 file changed, 9 insertions(+), 7 deletions(-)
> +
> +diff --git a/src/client_side_request.cc b/src/client_side_request.cc
> +index 6a8f921..8b1e147 100644
> +--- a/src/client_side_request.cc
> ++++ b/src/client_side_request.cc
> +@@ -141,16 +141,18 @@ ClientHttpRequest::ClientHttpRequest(ConnStateData * aConn) :
> + setConn(aConn);
> + al = new AccessLogEntry;
> + al->cache.start_time = current_time;
> +- al->tcpClient = clientConnection = aConn->clientConnection;
> +- al->cache.port = aConn->port;
> +- al->cache.caddr = aConn->log_addr;
> ++ if (aConn) {
> ++ al->tcpClient = clientConnection = aConn->clientConnection;
> ++ al->cache.port = aConn->port;
> ++ al->cache.caddr = aConn->log_addr;
> +
> + #if USE_OPENSSL
> +- if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
> +- if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
> +- al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
> +- }
> ++ if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
> ++ if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
> ++ al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
> ++ }
> + #endif
> ++ }
> + dlinkAdd(this, &active, &ClientActiveRequests);
> + #if USE_ADAPTATION
> + request_satisfaction_mode = false;
> +--
> +2.7.4
> +
> diff --git a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
> index 7fe41ee..7e1f62e 100644
> --- a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
> +++ b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
> @@ -31,6 +31,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${P
> file://volatiles.03_squid \
> file://CVE-2016-3947.patch \
> file://CVE-2016-4554.patch \
> + file://CVE-2016-4555.patch \
> "
>
> LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \
>
More information about the Openembedded-devel
mailing list