[PATCH] squid: CVE-2016-4555

All of lore.kernel.org
 help / color / mirror / Atom feed

* [PATCH] squid: CVE-2016-4555
@ 2016-05-31  7:50 Catalin Enache
  2016-07-14 14:28 ` akuster808
  0 siblings, 1 reply; 2+ messages in thread
From: Catalin Enache @ 2016-05-31  7:50 UTC (permalink / raw)
  To: openembedded-devel

client_side_request.cc in Squid 3.x before 3.5.18 and 4.x
before 4.0.10 allows remote servers to cause a denial of
service (crash) via crafted Edge Side Includes (ESI) responses.

http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4555

Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
---
 .../squid/files/CVE-2016-4555.patch                | 46 ++++++++++++++++++++++
 .../recipes-daemons/squid/squid_3.5.7.bb           |  1 +
 2 files changed, 47 insertions(+)
 create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch

diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch b/meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch
new file mode 100644
index 0000000..eeabbcd
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch
@@ -0,0 +1,46 @@
+From f7aabf74e4f274b107d52cb62dfa2f9899f410ac Mon Sep 17 00:00:00 2001
+From: Catalin Enache <catalin.enache@windriver.com>
+Date: Tue, 31 May 2016 09:11:53 +0300
+Subject: [PATCH] Bug 4455: SegFault from ESIInclude::Start
+
+Upstream-Status: Backport
+CVE: CVE-2016-4555
+
+Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
+---
+ src/client_side_request.cc | 16 +++++++++-------
+ 1 file changed, 9 insertions(+), 7 deletions(-)
+
+diff --git a/src/client_side_request.cc b/src/client_side_request.cc
+index 6a8f921..8b1e147 100644
+--- a/src/client_side_request.cc
++++ b/src/client_side_request.cc
+@@ -141,16 +141,18 @@ ClientHttpRequest::ClientHttpRequest(ConnStateData * aConn) :
+     setConn(aConn);
+     al = new AccessLogEntry;
+     al->cache.start_time = current_time;
+-    al->tcpClient = clientConnection = aConn->clientConnection;
+-    al->cache.port = aConn->port;
+-    al->cache.caddr = aConn->log_addr;
++    if (aConn) {
++        al->tcpClient = clientConnection = aConn->clientConnection;
++        al->cache.port = aConn->port;
++        al->cache.caddr = aConn->log_addr;
+ 
+ #if USE_OPENSSL
+-    if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
+-        if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
+-            al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
+-    }
++        if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
++            if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
++                al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
++        }
+ #endif
++    }
+     dlinkAdd(this, &active, &ClientActiveRequests);
+ #if USE_ADAPTATION
+     request_satisfaction_mode = false;
+-- 
+2.7.4
+
diff --git a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
index 7fe41ee..7e1f62e 100644
--- a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
+++ b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
@@ -31,6 +31,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${P
            file://volatiles.03_squid \
            file://CVE-2016-3947.patch \
            file://CVE-2016-4554.patch \
+           file://CVE-2016-4555.patch \
 "
 
 LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \
-- 
2.7.4



^ permalink raw reply related	[flat|nested] 2+ messages in thread

* Re: [PATCH] squid: CVE-2016-4555
  2016-05-31  7:50 [PATCH] squid: CVE-2016-4555 Catalin Enache
@ 2016-07-14 14:28 ` akuster808
  0 siblings, 0 replies; 2+ messages in thread
From: akuster808 @ 2016-07-14 14:28 UTC (permalink / raw)
  To: openembedded-devel

ping

On 05/31/2016 12:50 AM, Catalin Enache wrote:
> client_side_request.cc in Squid 3.x before 3.5.18 and 4.x
> before 4.0.10 allows remote servers to cause a denial of
> service (crash) via crafted Edge Side Includes (ESI) responses.
> 
> http://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-4555
> 
> Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
> ---
>  .../squid/files/CVE-2016-4555.patch                | 46 ++++++++++++++++++++++
>  .../recipes-daemons/squid/squid_3.5.7.bb           |  1 +
>  2 files changed, 47 insertions(+)
>  create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch
> 
> diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch b/meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch
> new file mode 100644
> index 0000000..eeabbcd
> --- /dev/null
> +++ b/meta-networking/recipes-daemons/squid/files/CVE-2016-4555.patch
> @@ -0,0 +1,46 @@
> +From f7aabf74e4f274b107d52cb62dfa2f9899f410ac Mon Sep 17 00:00:00 2001
> +From: Catalin Enache <catalin.enache@windriver.com>
> +Date: Tue, 31 May 2016 09:11:53 +0300
> +Subject: [PATCH] Bug 4455: SegFault from ESIInclude::Start
> +
> +Upstream-Status: Backport
> +CVE: CVE-2016-4555
> +
> +Signed-off-by: Catalin Enache <catalin.enache@windriver.com>
> +---
> + src/client_side_request.cc | 16 +++++++++-------
> + 1 file changed, 9 insertions(+), 7 deletions(-)
> +
> +diff --git a/src/client_side_request.cc b/src/client_side_request.cc
> +index 6a8f921..8b1e147 100644
> +--- a/src/client_side_request.cc
> ++++ b/src/client_side_request.cc
> +@@ -141,16 +141,18 @@ ClientHttpRequest::ClientHttpRequest(ConnStateData * aConn) :
> +     setConn(aConn);
> +     al = new AccessLogEntry;
> +     al->cache.start_time = current_time;
> +-    al->tcpClient = clientConnection = aConn->clientConnection;
> +-    al->cache.port = aConn->port;
> +-    al->cache.caddr = aConn->log_addr;
> ++    if (aConn) {
> ++        al->tcpClient = clientConnection = aConn->clientConnection;
> ++        al->cache.port = aConn->port;
> ++        al->cache.caddr = aConn->log_addr;
> + 
> + #if USE_OPENSSL
> +-    if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
> +-        if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
> +-            al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
> +-    }
> ++        if (aConn->clientConnection != NULL && aConn->clientConnection->isOpen()) {
> ++            if (SSL *ssl = fd_table[aConn->clientConnection->fd].ssl)
> ++                al->cache.sslClientCert.reset(SSL_get_peer_certificate(ssl));
> ++        }
> + #endif
> ++    }
> +     dlinkAdd(this, &active, &ClientActiveRequests);
> + #if USE_ADAPTATION
> +     request_satisfaction_mode = false;
> +-- 
> +2.7.4
> +
> diff --git a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
> index 7fe41ee..7e1f62e 100644
> --- a/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
> +++ b/meta-networking/recipes-daemons/squid/squid_3.5.7.bb
> @@ -31,6 +31,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${P
>             file://volatiles.03_squid \
>             file://CVE-2016-3947.patch \
>             file://CVE-2016-4554.patch \
> +           file://CVE-2016-4555.patch \
>  "
>  
>  LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \
> 


^ permalink raw reply	[flat|nested] 2+ messages in thread

end of thread, other threads:[~2016-07-14 14:29 UTC | newest]

Thread overview: 2+ messages (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2016-05-31  7:50 [PATCH] squid: CVE-2016-4555 Catalin Enache
2016-07-14 14:28 ` akuster808

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.