From 45b981917064fb2e2ed427b64a9989968755df81 Mon Sep 17 00:00:00 2001 From: Michal Luscon Date: Fri, 25 Jan 2013 10:17:48 +0100 Subject: [PATCH] CVE-2013-0189: Incomplete fix for the CVE-2012-5643 --- CVE-2013-0189.patch | 85 +++++++++++++++++++++++++++++++++++++++++++++ squid.spec | 7 +++- 2 files changed, 91 insertions(+), 1 deletion(-) create mode 100644 CVE-2013-0189.patch diff --git a/CVE-2013-0189.patch b/CVE-2013-0189.patch new file mode 100644 index 0000000..0d0e788 --- /dev/null +++ b/CVE-2013-0189.patch @@ -0,0 +1,85 @@ +------------------------------------------------------------ +revno: 11743 +revision-id: squid3@treenet.co.nz-20130101052914-r4lk62270w4sh498 +parent: squid3@treenet.co.nz-20121230074717-y9oekp0bfabt6szv +committer: Amos Jeffries +branch nick: 3.2 +timestamp: Mon 2012-12-31 22:29:14 -0700 +message: + Additional pieces of SQUID-2012:1 +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20130101052914-r4lk62270w4sh498 +# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ +# /SQUID_3_2 +# testament_sha1: 3cf80543cf33a78ae27d5178a8e9958854350ca3 +# timestamp: 2013-01-01 05:35:26 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ +# /SQUID_3_2 +# base_revision_id: squid3@treenet.co.nz-20121230074717-\ +# y9oekp0bfabt6szv +# +# Begin patch +=== modified file 'tools/cachemgr.cc' +--- ./tools/cachemgr.cc 2012-11-29 11:15:32 +0000 ++++ ./tools/cachemgr.cc 2013-01-01 05:29:14 +0000 +@@ -980,10 +980,10 @@ + + // limit the input to something reasonable. + // 4KB should be enough for the GET/POST data length, but may be extended. +- size_t bufLen = (len >= 4096 ? len : 4095); ++ size_t bufLen = (len < 4096 ? len : 4095); + char *buf = (char *)xmalloc(bufLen + 1); + +- size_t readLen = fread(buf, bufLen, 1, stdin); ++ size_t readLen = fread(buf, 1, bufLen, stdin); + if (readLen == 0) { + xfree(buf); + return NULL; +@@ -994,7 +994,7 @@ + // purge the remainder of the request entity + while (len > 0) { + char temp[65535]; +- readLen = fread(temp, 65535, 1, stdin); ++ readLen = fread(temp, 1, 65535, stdin); + len -= readLen; + } + + +------------------------------------------------------------ +revno: 11744 +revision-id: squid3@treenet.co.nz-20130108224018-5g5t67qy79rnboih +parent: squid3@treenet.co.nz-20130101052914-r4lk62270w4sh498 +author: Eygene Ryabinkin +committer: Amos Jeffries +branch nick: 3.2 +timestamp: Tue 2013-01-08 15:40:18 -0700 +message: + Another piece of SQUID-2012:1 +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20130108224018-5g5t67qy79rnboih +# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ +# /SQUID_3_2 +# testament_sha1: 0e05b63f51b67c2f34ddd5955b266c06fca288db +# timestamp: 2013-01-08 22:45:41 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ +# /SQUID_3_2 +# base_revision_id: squid3@treenet.co.nz-20130101052914-\ +# r4lk62270w4sh498 +# +# Begin patch +=== modified file 'tools/cachemgr.cc' +--- ./tools/cachemgr.cc 2013-01-01 05:29:14 +0000 ++++ ./tools/cachemgr.cc 2013-01-08 22:40:18 +0000 +@@ -992,7 +992,7 @@ + len -= readLen; + + // purge the remainder of the request entity +- while (len > 0) { ++ while (len > 0 && readLen) { + char temp[65535]; + readLen = fread(temp, 1, 65535, stdin); + len -= readLen; + + diff --git a/squid.spec b/squid.spec index a215ef0..d5fa74b 100644 --- a/squid.spec +++ b/squid.spec @@ -4,7 +4,7 @@ Name: squid Version: 3.2.5 -Release: 1%{?dist} +Release: 2%{?dist} Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -37,6 +37,7 @@ Patch202: squid-3.1.0.9-location.patch Patch203: squid-3.0.STABLE1-perlpath.patch Patch204: squid-3.2.0.9-fpic.patch Patch205: squid-3.1.9-ltdl.patch +Patch206: CVE-2013-0189.patch Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n) Requires: bash >= 2.0 @@ -104,6 +105,7 @@ The squid-sysvinit contains SysV initscritps support. %patch203 -p1 -b .perlpath %patch204 -p1 -b .fpic %patch205 -p1 -b .ltdl +%patch206 -p1 -b .CVE-2013-0189 %build %ifarch sparcv9 sparc64 s390 s390x @@ -307,6 +309,9 @@ fi /sbin/chkconfig --add squid >/dev/null 2>&1 || : %changelog +* Thu Jan 24 2013 Michal Luscon - 7:3.2.5-2 +- CVE-2013-0189: Incomplete fix for the CVE-2012-5643 + * Mon Dec 17 2012 Michal Luscon - 7:3.2.5-1 - Update to latest upstream version 3.2.5