rpms / squid

Clone
Source Code
GIT

Blame SOURCES/squid-3.5.20-CVE-2023-49285.patch

c4 c5 c5-plus c6 c6-plus c7 c7-alt c7-beta c8-beta-stream-4 c8-stream-4 c8s-stream-4 c9 c9-beta
  1.   c7
  2.   SOURCES
  3.   squid-3.5.20-CVE-2023-49285.patch
Blob History Raw
e2987f 
commit 77b3fb4df0f126784d5fd4967c28ed40eb8d521b
e2987f 
Author: Alex Rousskov <rousskov@measurement-factory.com>
e2987f 
Date:   Wed Oct 25 19:41:45 2023 +0000
e2987f
e2987f 
    RFC 1123: Fix date parsing (#1538)
e2987f
e2987f 
    The bug was discovered and detailed by Joshua Rogers at
e2987f 
    https://megamansec.github.io/Squid-Security-Audit/datetime-overflow.html
e2987f 
    where it was filed as "1-Byte Buffer OverRead in RFC 1123 date/time
e2987f 
    Handling".
e2987f
e2987f 
diff --git a/lib/rfc1123.c b/lib/rfc1123.c
e2987f 
index e5bf9a4d7..cb484cc00 100644
e2987f 
--- a/lib/rfc1123.c
e2987f 
+++ b/lib/rfc1123.c
e2987f 
@@ -50,7 +50,13 @@ make_month(const char *s)
e2987f 
     char month[3];
e2987f
e2987f 
     month[0] = xtoupper(*s);
e2987f 
+    if (!month[0])
e2987f 
+        return -1; // protects *(s + 1) below
e2987f 
+
e2987f 
     month[1] = xtolower(*(s + 1));
e2987f 
+    if (!month[1])
e2987f 
+        return -1; // protects *(s + 2) below
e2987f 
+
e2987f 
     month[2] = xtolower(*(s + 2));
e2987f
e2987f 
     for (i = 0; i < 12; i++)
e2987f

Powered by Pagure 5.13.3

SSH Hostkey/Fingerprint | Documentation