Resolves: #1308866 - CVE-2016-2390 squid: incorrect server error

handling resulting in denial of service
2016-03-01 12:42:04 +01:00 · 2016-03-01 12:42:04 +01:00 · 031f48e6bd
commit 031f48e6bd
parent 0e2182c799
2 changed files with 53 additions and 1 deletions
--- a/squid-3.5-13981.patch
+++ b/squid-3.5-13981.patch
@ -0,0 +1,46 @@
 ------------------------------------------------------------
 revno: 13981
 revision-id: squid3@treenet.co.nz-20160213062427-jz0en4qyajeqpa7x
 parent: squid3@treenet.co.nz-20160212045102-ivwab8s8p2gi32fv
 fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4437
 author: Christos Tsantilas <chtsanti@users.sourceforge.net>
 committer: Amos Jeffries <squid3@treenet.co.nz>
 branch nick: 3.5
 timestamp: Sat 2016-02-13 19:24:27 +1300
 message:
  Bug 4437: Fix Segfault on Certain SSL Handshake Errors
  Squid after an unsuccesfull try to connect to the remote server may make two
  concurrent retries to connect to the remote SSL server, calling twice the
  FwdState::retryOrBail() method, which may result to unexpected behaviour.
  Prevent this by just closing the connection to the remote SSL server inside
  FwdState::connectedToPeer method on error and instead of calling the
  FwdState::retryOrBail method, just allow comm_close handler to retry the
  connection if required.
    This is a Measurement Factory project
 ------------------------------------------------------------
 # Bazaar merge directive format 2 (Bazaar 0.90)
 # revision_id: squid3@treenet.co.nz-20160213062427-jz0en4qyajeqpa7x
 # target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
 # testament_sha1: f22a644062f4d8c8a13897b396197ea7b44b4231
 # timestamp: 2016-02-13 06:53:09 +0000
 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
 # base_revision_id: squid3@treenet.co.nz-20160212045102-\
 #   ivwab8s8p2gi32fv
 # 
 # Begin patch
 === modified file 'src/FwdState.cc'
 --- src/FwdState.cc	2016-01-31 05:39:09 +0000
 +++ src/FwdState.cc	2016-02-13 06:24:27 +0000
@@ -719,7 +719,7 @@
         answer.error.clear(); // preserve error for errorSendComplete()
         if (CachePeer *p = serverConnection()->getPeer())
             peerConnectFailed(p);
 -        retryOrBail();
 +        serverConnection()->close();
         return;
     }
--- a/squid.spec
+++ b/squid.spec
@ -2,7 +2,7 @@
 Name:     squid
 Version:  3.5.13
-Release:  2%{?dist}
+Release:  3%{?dist}
 Summary:  The Squid proxy caching server
 Epoch:    7
 # See CREDITS for breakdown of non GPLv2+ code
@ -32,6 +32,7 @@ Patch202: squid-3.1.0.9-location.patch
 Patch203: squid-3.0.STABLE1-perlpath.patch
 Patch204: squid-3.5.9-include-guards.patch
 Patch205: 0001-cppunit-config-no-longer-exists-use-pkg-config.patch
 Patch206: squid-3.5-13981.patch
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: bash >= 2.0
@ -92,6 +93,7 @@ lookup program (dnsserver), a program for retrieving FTP data
 %patch203 -p1 -b .perlpath
 %patch204 -p0 -b .include-guards
 %patch205 -p1 -b .cppunit-config
 %patch206 -p0 -b .CVE-2016-2390
 %build
 # cppunit-config patch changes configure.ac
@ -286,6 +288,10 @@ fi
 %changelog
 * Tue Mar 01 2016 Luboš Uhliarik <luhliari@redhat.com> - 7:3.5.13-3
 - Resolves: #1308866 - CVE-2016-2390 squid: incorrect server error 
  handling resulting in denial of service
 * Fri Feb 05 2016 Fedora Release Engineering <releng@fedoraproject.org> - 7:3.5.13-2
 - Rebuilt for https://fedoraproject.org/wiki/Fedora_24_Mass_Rebuild