From 031f48e6bd1530e07a84b14068cc2b15723c5893 Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?=
Date: Tue, 1 Mar 2016 12:42:04 +0100
Subject: [PATCH] Resolves: #1308866 - CVE-2016-2390 squid: incorrect server error handling resulting in denial of service
---
 squid-3.5-13981.patch | 46 +++++++++++++++++++++++++++++++++++++++++++
 squid.spec | 8 +++++++-
 2 files changed, 53 insertions(+), 1 deletion(-)
 create mode 100644 squid-3.5-13981.patch
diff --git a/squid-3.5-13981.patch b/squid-3.5-13981.patch
new file mode 100644
index 0000000..7c20a01
--- /dev/null
+++ b/squid-3.5-13981.patch
@@ -0,0 +1,46 @@
+------------------------------------------------------------
+revno: 13981
+revision-id: squid3@treenet.co.nz-20160213062427-jz0en4qyajeqpa7x
+parent: squid3@treenet.co.nz-20160212045102-ivwab8s8p2gi32fv
+fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4437
+author: Christos Tsantilas
+committer: Amos Jeffries
+branch nick: 3.5
+timestamp: Sat 2016-02-13 19:24:27 +1300
+message:
+ Bug 4437: Fix Segfault on Certain SSL Handshake Errors
+
+ Squid after an unsuccesfull try to connect to the remote server may make two
+ concurrent retries to connect to the remote SSL server, calling twice the
+ FwdState::retryOrBail() method, which may result to unexpected behaviour.
+
+ Prevent this by just closing the connection to the remote SSL server inside
+ FwdState::connectedToPeer method on error and instead of calling the
+ FwdState::retryOrBail method, just allow comm_close handler to retry the
+ connection if required.
+
+ This is a Measurement Factory project
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20160213062427-jz0en4qyajeqpa7x
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# testament_sha1: f22a644062f4d8c8a13897b396197ea7b44b4231
+# timestamp: 2016-02-13 06:53:09 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
+# base_revision_id: squid3@treenet.co.nz-20160212045102-\
+# ivwab8s8p2gi32fv
+#
+# Begin patch
+=== modified file 'src/FwdState.cc'
+--- src/FwdState.cc 2016-01-31 05:39:09 +0000
++++ src/FwdState.cc 2016-02-13 06:24:27 +0000
+@@ -719,7 +719,7 @@
+ answer.error.clear(); // preserve error for errorSendComplete()
+ if (CachePeer *p = serverConnection()->getPeer())
+ peerConnectFailed(p);
+- retryOrBail();
++ serverConnection()->close();
+ return;
+ }
+
+
diff --git a/squid.spec b/squid.spec
index 931bfdd..d89bca9 100644
--- a/squid.spec
+++ b/squid.spec
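Review bot: In the embedded src/FwdState.cc hunk of squid-3.5-13981.patch, the new `serverConnection()->close();` carries no comment saying why `retryOrBail()` must not be called on this error path, so a later cleanup could reintroduce the double retry that the commit message describes. I would add above it `// Do not call retryOrBail() here: the comm_close handler retries if required (bug 4437).` The fix presumably depends on a close handler already being registered on the server connection at this point. That registration is not visible here, because the enclosing function (FwdState::connectedToPeer, per the commit message) starts and ends outside the hunk, so it is worth confirming against the 3.5.13 sources this package builds.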
@@ -2,7 +2,7 @@
 Name: squid
 Version: 3.5.13
-Release: 2%{?dist}
+Release: 3%{?dist}
 Summary: The Squid proxy caching server
 Epoch: 7
 # See CREDITS for breakdown of non GPLv2+ code
@@ -32,6 +32,7 @@ Patch202: squid-3.1.0.9-location.patch
 Patch203: squid-3.0.STABLE1-perlpath.patch
 Patch204: squid-3.5.9-include-guards.patch
 Patch205: 0001-cppunit-config-no-longer-exists-use-pkg-config.patch
+Patch206: squid-3.5-13981.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: bash >= 2.0
@@ -92,6 +93,7 @@ lookup program (dnsserver), a program for retrieving FTP data
 %patch203 -p1 -b .perlpath
 %patch204 -p0 -b .include-guards
 %patch205 -p1 -b .cppunit-config
+%patch206 -p0 -b .CVE-2016-2390
 %build
 # cppunit-config patch changes configure.ac
@@ -286,6 +288,10 @@ fi
 %changelog
+* Tue Mar 01 2016 Luboš Uhliarik - 7:3.5.13-3
+- Resolves: #1308866 - CVE-2016-2390 squid: incorrect server error
+ handling resulting in denial of service
+
 * Fri Feb 05 2016 Fedora Release Engineering - 7:3.5.13-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild