Resolves: #1308866 - CVE-2016-2390 squid: incorrect server error

handling resulting in denial of service
2016-03-01 12:42:04 +01:00 · 2016-03-01 12:42:04 +01:00 · 031f48e6bd
commit 031f48e6bd
parent 0e2182c799
2 changed files with 53 additions and 1 deletions
--- a/squid-3.5-13981.patch
+++ b/squid-3.5-13981.patch
@ -0,0 +1,46 @@
+------------------------------------------------------------
+revno: 13981
+revision-id: squid3@treenet.co.nz-20160213062427-jz0en4qyajeqpa7x
+parent: squid3@treenet.co.nz-20160212045102-ivwab8s8p2gi32fv
+fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4437
+author: Christos Tsantilas <chtsanti@users.sourceforge.net>
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.5
+timestamp: Sat 2016-02-13 19:24:27 +1300
+message:
+  Bug 4437: Fix Segfault on Certain SSL Handshake Errors
+  
+  Squid after an unsuccesfull try to connect to the remote server may make two
+  concurrent retries to connect to the remote SSL server, calling twice the
+  FwdState::retryOrBail() method, which may result to unexpected behaviour.
+  
+  Prevent this by just closing the connection to the remote SSL server inside
+  FwdState::connectedToPeer method on error and instead of calling the
+  FwdState::retryOrBail method, just allow comm_close handler to retry the
+  connection if required.
+  
+    This is a Measurement Factory project
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20160213062427-jz0en4qyajeqpa7x
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: f22a644062f4d8c8a13897b396197ea7b44b4231
+# timestamp: 2016-02-13 06:53:09 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20160212045102-\
+#   ivwab8s8p2gi32fv
+# 
+# Begin patch
+=== modified file 'src/FwdState.cc'
+--- src/FwdState.cc	2016-01-31 05:39:09 +0000
+++ src/FwdState.cc	2016-02-13 06:24:27 +0000
+@@ -719,7 +719,7 @@
+         answer.error.clear(); // preserve error for errorSendComplete()
+         if (CachePeer *p = serverConnection()->getPeer())
+             peerConnectFailed(p);
+-        retryOrBail();
+        serverConnection()->close();
+         return;
+     }
+ 
+
--- a/squid.spec
+++ b/squid.spec
@ -2,7 +2,7 @@

 Name:     squid
 Version:  3.5.13
-Release:  2%{?dist}
+Release:  3%{?dist}
 Summary:  The Squid proxy caching server
 Epoch:    7
 # See CREDITS for breakdown of non GPLv2+ code
@ -32,6 +32,7 @@ Patch202: squid-3.1.0.9-location.patch
 Patch203: squid-3.0.STABLE1-perlpath.patch
 Patch204: squid-3.5.9-include-guards.patch
 Patch205: 0001-cppunit-config-no-longer-exists-use-pkg-config.patch
+Patch206: squid-3.5-13981.patch

 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: bash >= 2.0
@ -92,6 +93,7 @@ lookup program (dnsserver), a program for retrieving FTP data
 %patch203 -p1 -b .perlpath
 %patch204 -p0 -b .include-guards
 %patch205 -p1 -b .cppunit-config
+%patch206 -p0 -b .CVE-2016-2390

 %build
 # cppunit-config patch changes configure.ac
@ -286,6 +288,10 @@ fi


 %changelog
+* Tue Mar 01 2016 Luboš Uhliarik <luhliari@redhat.com> - 7:3.5.13-3
+- Resolves: #1308866 - CVE-2016-2390 squid: incorrect server error 
+  handling resulting in denial of service
+
 * Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 7:3.5.13-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild