Date: Tue, 4 Dec 2007 20:07:36 +0100 (CET) From: Thomas-Martin Seck <tmseck@netcologne.de> To: FreeBSD-gnats-submit@FreeBSD.org Cc: secteam@FreeBSD.org Subject: ports/118433: [Maintainer] [Security] www/squid30: fix a remote DOS vulnerability (Squid advisory 2007-2) Message-ID: <200712041907.lB4J7aar060087@bledge.tmseck.homedns.org> Resent-Message-ID: <200712041910.lB4JA1SQ086792@freefall.freebsd.org>
next in thread | raw e-mail | index | archive | help
>Number: 118433 >Category: ports >Synopsis: [Maintainer] [Security] www/squid30: fix a remote DOS vulnerability (Squid advisory 2007-2) >Confidential: no >Severity: serious >Priority: high >Responsible: freebsd-ports-bugs >State: open >Quarter: >Keywords: >Date-Required: >Class: maintainer-update >Submitter-Id: current-users >Arrival-Date: Tue Dec 04 19:10:01 UTC 2007 >Closed-Date: >Last-Modified: >Originator: Thomas-Martin Seck >Release: FreeBSD 7.0-BETA3 i386 >Organization: a private site in Germany >Environment: FreeBSD ports collection as of December 4, 2007. >Description: Fix a remote denial of service vulnerability as described in Squid security advisory 2007:2 (http://www.squid-cache.org/Advisories/SQUID-2007_2.txt). Added files: files/patch-secfix-2007-2 Please see ports/118430 for the proposed VuXML entry for www/squid, or vuln id 65378ea7-a288-11dc-8856-0048543d60ce respectively. This VuXML entry should be updated as follows: In range please substitute <lt>2.6.17</lt><ge>3.0.*</ge> with <lt>2.6.17</lt><ge>3.0.*</ge><lt>3.0.r1.20071001_1</lt> >How-To-Repeat: >Fix: Apply this patch: Index: Makefile =================================================================== --- Makefile (.../www/squid30) (revision 1279) +++ Makefile (.../local/squid30) (revision 1279) @@ -63,6 +63,7 @@ PORTNAME= squid PORTVERSION= 3.0.r1.${PATCHSET_DATE} +PORTREVISION= 1 CATEGORIES= www MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \ Index: files/patch-secfix-2007-2 =================================================================== --- files/patch-secfix-2007-2 (.../www/squid30) (revision 0) +++ files/patch-secfix-2007-2 (.../local/squid30) (revision 1279) @@ -0,0 +1,143 @@ +Patch for the remote denial of service vulnerability as documented in +Squid advisory 2007_2 (http://www.squid-cache.org/Advisories/SQUID-2007_2.txt): + +This is a slightly revised version of the original PatchSet 11211, with +one hunk removed and path informations stripped in order to make it +apply to otherwise unpatched 3.0.RC1 sources. + +Created: 2007-12-04 by Thomas-Martin Seck <tmseck@netcologne.de> for the +FreeBSD port of Squid 3.0. + +--------------------- +PatchSet 11211 +Date: 2007/11/26 13:09:54 +Author: hno +Branch: HEAD +Tag: (none) +Log: +pack header entries on cache updates + +Members: + include/Array.h:1.24->1.25 + src/HttpHeader.cc:1.137->1.138 + src/HttpHeader.h:1.23->1.24 + src/HttpReply.cc:1.96->1.97 + +Index: squid3/include/Array.h +=================================================================== +RCS file: /cvsroot/squid/squid3/include/Array.h,v +retrieving revision 1.24 +retrieving revision 1.25 +diff -u -r1.24 -r1.25 +--- include/Array.h 21 Nov 2005 22:43:41 -0000 1.24 ++++ include/Array.h 26 Nov 2007 13:09:54 -0000 1.25 +@@ -1,5 +1,5 @@ + /* +- * $Id: Array.h,v 1.24 2005/11/21 22:43:41 wessels Exp $ ++ * $Id: Array.h,v 1.25 2007/11/26 13:09:54 hno Exp $ + * + * AUTHOR: Alex Rousskov + * +@@ -98,6 +98,7 @@ + E &back(); + E pop_back(); + E shift(); // aka pop_front ++ void prune(E); + void preAppend(int app_count); + bool empty() const; + size_t size() const; +@@ -243,6 +244,22 @@ + return items[size() - 1]; + } + ++template<class E> ++void ++Vector<E>::prune(E item) ++{ ++ unsigned int n = 0; ++ for (unsigned int i = 0; i < count; i++) { ++ if (items[i] != item) { ++ if (i != n) ++ items[n] = items[i]; ++ n++; ++ } ++ } ++ ++ count = n; ++} ++ + /* if you are going to append a known and large number of items, call this first */ + template<class E> + void +Index: squid3/src/HttpHeader.cc +=================================================================== +RCS file: /cvsroot/squid/squid3/src/HttpHeader.cc,v +retrieving revision 1.137 +retrieving revision 1.138 +diff -u -r1.137 -r1.138 +--- src/HttpHeader.cc 26 Nov 2007 12:31:37 -0000 1.137 ++++ src/HttpHeader.cc 26 Nov 2007 13:09:55 -0000 1.138 +@@ -787,6 +787,15 @@ + } + + /* ++ * Compacts the header storage ++ */ ++void ++HttpHeader::compact() ++{ ++ entries.prune(NULL); ++} ++ ++/* + * Refreshes the header mask. Required after delAt() calls. + */ + void +Index: squid3/src/HttpHeader.h +=================================================================== +RCS file: /cvsroot/squid/squid3/src/HttpHeader.h,v +retrieving revision 1.23 +retrieving revision 1.24 +diff -u -r1.23 -r1.24 +--- src/HttpHeader.h 13 Aug 2007 17:20:51 -0000 1.23 ++++ src/HttpHeader.h 26 Nov 2007 13:09:55 -0000 1.24 +@@ -1,6 +1,6 @@ + + /* +- * $Id: HttpHeader.h,v 1.23 2007/08/13 17:20:51 hno Exp $ ++ * $Id: HttpHeader.h,v 1.24 2007/11/26 13:09:55 hno Exp $ + * + * + * SQUID Web Proxy Cache http://www.squid-cache.org/ +@@ -202,6 +202,7 @@ + void clean(); + void append(const HttpHeader * src); + void update (HttpHeader const *fresh, HttpHeaderMask const *denied_mask); ++ void compact(); + int reset(); + int parse(const char *header_start, const char *header_end); + void packInto(Packer * p) const; +Index: squid3/src/HttpReply.cc +=================================================================== +RCS file: /cvsroot/squid/squid3/src/HttpReply.cc,v +retrieving revision 1.96 +retrieving revision 1.97 +diff -u -r1.96 -r1.97 +--- src/HttpReply.cc 13 Aug 2007 17:20:51 -0000 1.96 ++++ src/HttpReply.cc 26 Nov 2007 13:09:55 -0000 1.97 +@@ -1,6 +1,6 @@ + + /* +- * $Id: HttpReply.cc,v 1.96 2007/08/13 17:20:51 hno Exp $ ++ * $Id: HttpReply.cc,v 1.97 2007/11/26 13:09:55 hno Exp $ + * + * DEBUG: section 58 HTTP Reply (Response) + * AUTHOR: Alex Rousskov +@@ -312,6 +312,7 @@ + header.update(&freshRep->header, + (const HttpHeaderMask *) &Denied304HeadersMask); + ++ header.compact(); + /* init cache */ + hdrCacheInit(); + } >Release-Note: >Audit-Trail: >Unformatted:
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?200712041907.lB4J7aar060087>