import squid-4.11-4.module+el8.4.0+9038+276d2d9f

This commit is contained in:
CentOS Sources 2021-05-18 02:50:33 -04:00 committed by Andrew Lukoshko
parent 11b0ae8e0d
commit 32f4bda808
2 changed files with 35 additions and 1 deletions


@ -0,0 +1,27 @@
diff --git a/tools/cachemgr.cc b/tools/cachemgr.cc
index 36d8e38..50bb9b6 100644
--- a/tools/cachemgr.cc
+++ b/tools/cachemgr.cc
@@ -1092,14 +1092,20 @@ make_pub_auth(cachemgr_request * req)
if (!req->passwd || !strlen(req->passwd))
return;
+ auto *rfc1738_username = xstrdup(rfc1738_escape(safe_str(req->user_name)));
+ auto *rfc1738_passwd = xstrdup(rfc1738_escape(req->passwd));
+
/* host | time | user | passwd */
const int bufLen = snprintf(buf, sizeof(buf), "%s|%d|%s|%s",
req->hostname,
(int) now,
- rfc1738_escape(safe_str(req->user_name)),
- rfc1738_escape(req->passwd));
+ rfc1738_username,
+ rfc1738_passwd);
debug("cmgr: pre-encoded for pub: %s\n", buf);
+ safe_free(rfc1738_username);
+ safe_free(rfc1738_passwd);
+
const int encodedLen = base64_encode_len(bufLen);
req->pub_auth = (char *) xmalloc(encodedLen);
struct base64_encode_ctx ctx;
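Review bot: The two xstrdup copies added at the top of the hunk carry no comment saying why they exist, so a later cleanup could fold them back into the snprintf argument list and reintroduce the defect the changelog describes (user and password collapsing into the same escaped string, presumably because rfc1738_escape() hands back a reused output buffer — confirm against its definition). Put a short why-comment above them: `// rfc1738_escape() reuses one output buffer: copy each result before the next call so user and passwd stay distinct.` Separately, bufLen is snprintf's untruncated length, and %XX escaping can make each field up to three times longer than its input, so a guard such as `if (bufLen < 0 || size_t(bufLen) >= sizeof(buf)) return;` (placed after the two safe_free calls, before base64_encode_len) would stop the encoder from being handed a length larger than buf actually holds, if it consumes bufLen bytes. The remainder of make_pub_auth, including the encode call, lies outside the hunk.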


@ -2,7 +2,7 @@
Name: squid Name: squid
Version: 4.11 Version: 4.11
Release: 3%{?dist} Release: 4%{?dist}
Summary: The Squid proxy caching server Summary: The Squid proxy caching server
Epoch: 7 Epoch: 7
# See CREDITS for breakdown of non GPLv2+ code # See CREDITS for breakdown of non GPLv2+ code
@ -36,6 +36,8 @@ Patch206: squid-4.11-active-ftp.patch
# https://github.com/squid-cache/squid/commit/c26cd1cb6a60ff196ef13c00e82576d3bfeb2e30 # https://github.com/squid-cache/squid/commit/c26cd1cb6a60ff196ef13c00e82576d3bfeb2e30
Patch207: squid-4.11-systemd.patch Patch207: squid-4.11-systemd.patch
Patch208: squid-4.11-convert-ipv4.patch Patch208: squid-4.11-convert-ipv4.patch
# https://bugzilla.redhat.com/show_bug.cgi?id=1890606
Patch209: squid-4.11-cache-mgr-auth-strdup.patch
# Security fixes # Security fixes
# https://bugzilla.redhat.com/show_bug.cgi?id=1852554 # https://bugzilla.redhat.com/show_bug.cgi?id=1852554
@ -109,6 +111,7 @@ lookup program (dnsserver), a program for retrieving FTP data
%patch206 -p1 -b .active-ftp %patch206 -p1 -b .active-ftp
%patch207 -p1 -b .systemd %patch207 -p1 -b .systemd
%patch208 -p1 -R -b .convert-ipv4 %patch208 -p1 -R -b .convert-ipv4
%patch209 -p1 -b .cachemgr-strdup
# Security patches # Security patches
%patch500 -p1 -b .cve-2020-14058 %patch500 -p1 -b .cve-2020-14058
@ -332,6 +335,10 @@ fi
%changelog %changelog
* Mon Oct 26 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.11-4
- Resolves: #1890606 - Fix for CVE 2019-13345 breaks authentication in
cachemgr.cgi
* Wed Aug 26 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.11-3 * Wed Aug 26 2020 Lubos Uhliarik <luhliari@redhat.com> - 7:4.11-3
- Resolves: #1871705 - CVE-2020-24606 squid: Improper Input Validation could - Resolves: #1871705 - CVE-2020-24606 squid: Improper Input Validation could
result in a DoS result in a DoS