Resolves: #1308866 - CVE-2016-2390 squid: incorrect server error handling resulting in denial of service
Luboš Uhliarik 2016-03-01 12:42:04 +01:00
parent 0e2182c799
commit 031f48e6bd
2 changed files with 53 additions and 1 deletions

squid-3.5-13981.patch Normal file

@ -0,0 +1,46 @@
------------------------------------------------------------
revno: 13981
revision-id: squid3@treenet.co.nz-20160213062427-jz0en4qyajeqpa7x
parent: squid3@treenet.co.nz-20160212045102-ivwab8s8p2gi32fv
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4437
author: Christos Tsantilas <chtsanti@users.sourceforge.net>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sat 2016-02-13 19:24:27 +1300
message:
Bug 4437: Fix Segfault on Certain SSL Handshake Errors
Squid after an unsuccesfull try to connect to the remote server may make two
concurrent retries to connect to the remote SSL server, calling twice the
FwdState::retryOrBail() method, which may result to unexpected behaviour.
Prevent this by just closing the connection to the remote SSL server inside
FwdState::connectedToPeer method on error and instead of calling the
FwdState::retryOrBail method, just allow comm_close handler to retry the
connection if required.
This is a Measurement Factory project
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160213062427-jz0en4qyajeqpa7x
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: f22a644062f4d8c8a13897b396197ea7b44b4231
# timestamp: 2016-02-13 06:53:09 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160212045102-\
# ivwab8s8p2gi32fv
#
# Begin patch
=== modified file 'src/FwdState.cc'
--- src/FwdState.cc 2016-01-31 05:39:09 +0000
+++ src/FwdState.cc 2016-02-13 06:24:27 +0000
@@ -719,7 +719,7 @@
answer.error.clear(); // preserve error for errorSendComplete()
if (CachePeer *p = serverConnection()->getPeer())
peerConnectFailed(p);
- retryOrBail();
+ serverConnection()->close();
return;
}
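
Review bot: The added `serverConnection()->close();` in the error branch of src/FwdState.cc has no comment saying that the retry decision is now left to the comm_close handler; only the revision message explains this. A later reader could restore `retryOrBail();` here and bring back the double retry, so add a one-line comment at the call stating that the close handler retries if required. It is also worth confirming that a close handler is registered on this connection whenever this branch can run, because the visible context does not show one and without it the request would neither retry nor bail.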


@ -2,7 +2,7 @@
Name: squid Name: squid
Version: 3.5.13 Version: 3.5.13
Release: 2%{?dist} Release: 3%{?dist}
Summary: The Squid proxy caching server Summary: The Squid proxy caching server
Epoch: 7 Epoch: 7
# See CREDITS for breakdown of non GPLv2+ code # See CREDITS for breakdown of non GPLv2+ code
@ -32,6 +32,7 @@ Patch202: squid-3.1.0.9-location.patch
Patch203: squid-3.0.STABLE1-perlpath.patch Patch203: squid-3.0.STABLE1-perlpath.patch
Patch204: squid-3.5.9-include-guards.patch Patch204: squid-3.5.9-include-guards.patch
Patch205: 0001-cppunit-config-no-longer-exists-use-pkg-config.patch Patch205: 0001-cppunit-config-no-longer-exists-use-pkg-config.patch
Patch206: squid-3.5-13981.patch
Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
Requires: bash >= 2.0 Requires: bash >= 2.0
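
Review bot: `Patch206: squid-3.5-13981.patch` is named after the upstream revno, so the spec line alone does not say which issue it addresses. A comment line above it naming CVE-2016-2390 and upstream bug 4437 (http://bugs.squid-cache.org/show_bug.cgi?id=4437) would make it clear when the patch can be dropped, namely once the package is rebased onto a release that already contains revision 13981.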
@ -92,6 +93,7 @@ lookup program (dnsserver), a program for retrieving FTP data
%patch203 -p1 -b .perlpath %patch203 -p1 -b .perlpath
%patch204 -p0 -b .include-guards %patch204 -p0 -b .include-guards
%patch205 -p1 -b .cppunit-config %patch205 -p1 -b .cppunit-config
%patch206 -p0 -b .CVE-2016-2390
%build %build
# cppunit-config patch changes configure.ac # cppunit-config patch changes configure.ac
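
Review bot: `%patch206 -p0` depends on the embedded patch using the bare path `--- src/FwdState.cc`, and the spec already mixes `-p0` and `-p1` between neighbouring patches, so the strip level is easy to get wrong if the patch file is ever regenerated with a directory prefix. A short comment noting that the upstream Bazaar patch has no leading path component would help. The backup suffix `.CVE-2016-2390` also differs from the patch file name, which is acceptable but makes the two harder to match up when searching the spec.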
@ -286,6 +288,10 @@ fi
%changelog %changelog
* Tue Mar 01 2016 Luboš Uhliarik <luhliari@redhat.com> - 7:3.5.13-3
- Resolves: #1308866 - CVE-2016-2390 squid: incorrect server error
handling resulting in denial of service
* Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 7:3.5.13-2 * Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 7:3.5.13-2
- Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild