Tree - rpms/squid - CentOS Git server

rpms / squid

Files

Commit: 34391115ad4f08b47b547688724e4e24cae1cd98
Blob Blame History Raw
------------------------------------------------------------
revno: 12698
revision-id: squid3@treenet.co.nz-20160502034346-fhtahpk2lfblo2b1
parent: squid3@treenet.co.nz-20160420111636-ft1dbd1iuktj8ift
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.3
timestamp: Mon 2016-05-02 15:43:46 +1200
message:
  Require exact match in Host header name lookup
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160502034346-fhtahpk2lfblo2b1
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.3
# testament_sha1: 6e285b375879d79c870bff268c99ef2597f1b725
# timestamp: 2016-05-02 03:50:49 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.3
# base_revision_id: squid3@treenet.co.nz-20160420111636-\
#   ft1dbd1iuktj8ift
# 
# Begin patch
=== modified file 'src/mime_header.cc'
--- src/mime_header.cc	2012-08-29 12:36:10 +0000
+++ src/mime_header.cc	2016-05-02 03:43:46 +0000
@@ -62,9 +62,6 @@
         if (strcmp(p, "\r\n\r\n") == 0 || strcmp(p, "\n\n") == 0)
             return NULL;
 
-        while (xisspace(*p))
-            ++p;
-
         if (strncasecmp(p, name, namelen))
             continue;
 

------------------------------------------------------------
revno: 12700
revision-id: squid3@treenet.co.nz-20160508124255-w1vb9ifv5affhgai
parent: squid3@treenet.co.nz-20160506091321-tza59kjh2g6goob0
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4515
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.3
timestamp: Mon 2016-05-09 00:42:55 +1200
message:
  Bug 4515: regression after CVE-2016-4554 patch
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160508124255-w1vb9ifv5affhgai
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.3
# testament_sha1: 5ff66676035dc7841f6eb610dee8739dc015f29c
# timestamp: 2016-05-08 12:50:57 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.3
# base_revision_id: squid3@treenet.co.nz-20160506091321-\
#   tza59kjh2g6goob0
# 
# Begin patch
=== modified file 'src/mime_header.cc'
--- src/mime_header.cc	2016-05-02 03:43:46 +0000
+++ src/mime_header.cc	2016-05-08 12:42:55 +0000
@@ -58,10 +58,13 @@
 
     debugs(25, 5, "mime_get_header: looking for '" << name << "'");
 
-    for (p = mime; *p; p += strcspn(p, "\n\r")) {
-        if (strcmp(p, "\r\n\r\n") == 0 || strcmp(p, "\n\n") == 0)
+    for (p = mime; *p; p += strcspn(p, "\n")) {
+        if (strcmp(p, "\n\r\n") == 0 || strcmp(p, "\n\n") == 0)
             return NULL;
 
+        if (*p == '\n')
+            ++p;
+
         if (strncasecmp(p, name, namelen))
             continue;
rpms / squid

Source Code

Files
