[oe] [PATCH] squid: CVE-2016-4555
Catalin Enache
catalin.enache at windriver.com
Tue May 31 07:50:00 UTC 2016
client_side_request.cc in Squid 3.x before 3.5.18 and 4.x
before 4.0.10 allows remote servers to cause a denial of
service (crash) via crafted Edge Side Includes (ESI) responses.
http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4555
Signed-off-by: Catalin Enache <catalin.enache at windriver.com>
---
.../squid/files/CVE-2016-4555.patch | 46 ++++++++++++++++++++++
.../recipes-daemons/squid/squid_3.5.7.bb | 1 +
2 files changed, 47 insertions(+)
create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch b/meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch
new file mode 100644
index 0000000..eeabbcd
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch
@@ -0,0 +1,46 @@
+From f7aabf74e4f274b107d52cb62dfa2f9899f410ac Mon Sep 17 00:00:00 2001
+From: Catalin Enache <catalin.enache at windriver.com>
+Date: Tue, 31 May 2016 09:11:53 +0300
+Subject: [PATCH] Bug 4455: SegFault from ESIInclude::Start
+
+Upstream-Status: Backport
+CVE: CVE-2016-4555
+
+Signed-off-by: Catalin Enache <catalin.enache at windriver.com>
+---
+ src/client_side_request.cc | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/src/client_side_request.cc b/src/client_side_request.cc
+index 6a8f921..8b1e147 100644
+--- a/src/client_side_request.cc
++++ b/src/client_side_request.cc
+@@ -141,16 +141,18 @@ ClientHttpRequest::ClientHttpRequest(ConnStateData * aConn) :
+ setConn(aConn);
+ al = new AccessLogEntry;
+ al->cache.start_time = current_time;
+- al->tcpClient = clientConnection = aConn->clientConnection;
+- al->cache.port = aConn->port;
+- al->cache.caddr = aConn->log_addr;
++ if (aConn) {
++ al->tcpClient = clientConnection = aConn->clientConnection;
++ al->cache.port = aConn->port;
++ al->cache.caddr = aConn->log_addr;
+
+ #if USE_OPENSSL
+- if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
+- if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
+- al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
+- }
++ if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
++ if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
++ al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
++ }
+ #endif
++ }
+ dlinkAdd(this, &active, &ClientActiveRequests);
+ #if USE_ADAPTATION
+ request_satisfaction_mode = false;
+--
+2.7.4
+
diff --git a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
index 7fe41ee..7e1f62e 100644
--- a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
+++ b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
@@ -31,6 +31,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${P
file://volatiles.03_squid \
file://CVE-2016-3947.patch \
file://CVE-2016-4554.patch \
+ file://CVE-2016-4555.patch \
"
LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \
--
2.7.4
More information about the Openembedded-devel
mailing list