authorSergey Lukin <sergej.lukin@gmail.com>2016-12-14 15:00:21 +0000
committerTimo Teräs <timo.teras@iki.fi>2016-12-26 09:25:10 +0000
commitf7fb6eb9c7b2bdc8ac41b605df86bb2fa114e89a (patch)
tree9c4dc3dd05840996c1b1e6bfc1fc3e2797746bbf /main/squid/squid-3.5-13990-CVE-2016-2571.patch
parentf64f0773b23ca508f7c24274d5c67d0bb8bbb1bb (diff)
main/squid: security upgrade - fixes #5216
Diffstat (limited to 'main/squid/squid-3.5-13990-CVE-2016-2571.patch')
-rw-r--r--main/squid/squid-3.5-13990-CVE-2016-2571.patch47
1 files changed, 47 insertions, 0 deletions
diff --git a/main/squid/squid-3.5-13990-CVE-2016-2571.patch b/main/squid/squid-3.5-13990-CVE-2016-2571.patch
new file mode 100644
index 0000000000..675928c6ea
--- /dev/null
+++ b/main/squid/squid-3.5-13990-CVE-2016-2571.patch
@@ -0,0 +1,47 @@
+patch was modified for applying to squid-3.4.14
+------------------------------------------------------------
+revno: 13990
+revision-id: rousskov@measurement-factory.com-20160218041533-8tmtd45c3nky2gyy
+parent: squid3@treenet.co.nz-20160215135848-ms0dmjsfouxcb8g2
+committer: Alex Rousskov <rousskov@measurement-factory.com>
+branch nick: 3.5
+timestamp: Wed 2016-02-17 21:15:33 -0700
+message:
+ Better handling of huge response headers. Fewer "BUG 3279" messages.
+
+ When we failed to parse a response, do not store the fake half-baked
+ response (via a replaceHttpReply() call). Doing so leads to misleading
+ "BUG 3279: HTTP reply without Date" messages (at best). The fake
+ response is only meant for continueAfterParsingHeader().
+
+ Also removed a misleading XXX that may have caused Bug 4432 in v4.0
+ (trunk r14548).
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: rousskov@measurement-factory.com-20160218041533-\
+# 8tmtd45c3nky2gyy
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: 0a7978c0442191d33a9472c6185692a78da6c0b0
+# timestamp: 2016-02-18 04:50:56 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20160215135848-\
+# ms0dmjsfouxcb8g2
+#
+# Begin patch
+=== modified file 'src/http.cc'
+--- a/src/http.cc
++++ b/src/http.cc
+@@ -719,11 +719,8 @@
+ if (!parsed && error > 0) { // unrecoverable parsing error
+ debugs(11, 3, "processReplyHeader: Non-HTTP-compliant header: '" << readBuf->content() << "'");
+ flags.headers_parsed = true;
+- // XXX: when sanityCheck is gone and Http::StatusLine is used to parse,
+- // the sline should be already set the appropriate values during that parser stage
+ newrep->sline.set(Http::ProtocolVersion(1,1), error);
+- HttpReply *vrep = setVirginReply(newrep);
+- entry->replaceHttpReply(vrep);
++ setVirginReply(newrep);
+ ctx_exit(ctx);
+ return;
+ }
+
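Review bot: The first line of the added file, `patch was modified for applying to squid-3.4.14`, does not say what was changed relative to upstream revno 13990, and the file name still says squid-3.5, so a later auditor cannot tell from the file alone whether the CVE-2016-2571 fix was backported in full. I would extend that header to name the deviation, for example `patch was modified for applying to squid-3.4.14: <what differs from upstream r13990>`. In the inner hunk on src/http.cc, the unrecoverable-parse-error branch now calls only `setVirginReply(newrep);`, and the reason is recorded only in the commit message; a comment above that call such as `// do not store this fake reply in the entry; it is only meant for continueAfterParsingHeader()` would help keep the `replaceHttpReply()` call from being reintroduced. The enclosing function starts and ends outside the inner hunk, and its context lines appear to have lost their indentation in this view, so it is worth confirming that the file applies cleanly to the 3.4.14 sources.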