import squid-5.2-1.el9_0.2
This commit is contained in:
parent
7f41c0a50b
commit
6415ea1e4f
38
SOURCES/squid-5.2-CVE-2022-41318.patch
Normal file
38
SOURCES/squid-5.2-CVE-2022-41318.patch
Normal file
@ -0,0 +1,38 @@
|
|||||||
|
commit 4031c6c2b004190fdffbc19dab7cd0305a2025b7 (refs/remotes/origin/v4, refs/remotes/github/v4, refs/heads/v4)
|
||||||
|
Author: Amos Jeffries <yadij@users.noreply.github.com>
|
||||||
|
Date: 2022-08-09 23:34:54 +0000
|
||||||
|
|
||||||
|
Bug 3193 pt2: NTLM decoder truncating strings (#1114)
|
||||||
|
|
||||||
|
The initial bug fix overlooked large 'offset' causing integer
|
||||||
|
wrap to extract a too-short length string.
|
||||||
|
|
||||||
|
Improve debugs and checks sequence to clarify cases and ensure
|
||||||
|
that all are handled correctly.
|
||||||
|
|
||||||
|
diff --git a/lib/ntlmauth/ntlmauth.cc b/lib/ntlmauth/ntlmauth.cc
|
||||||
|
index 5d9637290..f00fd51f8 100644
|
||||||
|
--- a/lib/ntlmauth/ntlmauth.cc
|
||||||
|
+++ b/lib/ntlmauth/ntlmauth.cc
|
||||||
|
@@ -107,10 +107,19 @@ ntlm_fetch_string(const ntlmhdr *packet, const int32_t packet_size, const strhdr
|
||||||
|
int32_t o = le32toh(str->offset);
|
||||||
|
// debug("ntlm_fetch_string(plength=%d,l=%d,o=%d)\n",packet_size,l,o);
|
||||||
|
|
||||||
|
- if (l < 0 || l > NTLM_MAX_FIELD_LENGTH || o + l > packet_size || o == 0) {
|
||||||
|
- debug("ntlm_fetch_string: insane data (pkt-sz: %d, fetch len: %d, offset: %d)\n", packet_size,l,o);
|
||||||
|
+ if (l < 0 || l > NTLM_MAX_FIELD_LENGTH) {
|
||||||
|
+ debug("ntlm_fetch_string: insane string length (pkt-sz: %d, fetch len: %d, offset: %d)\n", packet_size,l,o);
|
||||||
|
return rv;
|
||||||
|
}
|
||||||
|
+ else if (o <= 0 || o > packet_size) {
|
||||||
|
+ debug("ntlm_fetch_string: insane string offset (pkt-sz: %d, fetch len: %d, offset: %d)\n", packet_size,l,o);
|
||||||
|
+ return rv;
|
||||||
|
+ }
|
||||||
|
+ else if (l > packet_size - o) {
|
||||||
|
+ debug("ntlm_fetch_string: truncated string data (pkt-sz: %d, fetch len: %d, offset: %d)\n", packet_size,l,o);
|
||||||
|
+ return rv;
|
||||||
|
+ }
|
||||||
|
+
|
||||||
|
rv.str = (char *)packet + o;
|
||||||
|
rv.l = 0;
|
||||||
|
if ((flags & NTLM_NEGOTIATE_ASCII) == 0) {
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
Name: squid
|
Name: squid
|
||||||
Version: 5.2
|
Version: 5.2
|
||||||
Release: 1%{?dist}.1
|
Release: 1%{?dist}.2
|
||||||
Summary: The Squid proxy caching server
|
Summary: The Squid proxy caching server
|
||||||
Epoch: 7
|
Epoch: 7
|
||||||
# See CREDITS for breakdown of non GPLv2+ code
|
# See CREDITS for breakdown of non GPLv2+ code
|
||||||
@ -45,6 +45,8 @@ Patch208: squid-5.1-test-store-cppsuite.patch
|
|||||||
# Security issues
|
# Security issues
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=2100721
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2100721
|
||||||
Patch501: squid-5.2-CVE-2021-46784.patch
|
Patch501: squid-5.2-CVE-2021-46784.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2129771
|
||||||
|
Patch502: squid-5.2-CVE-2022-41318.patch
|
||||||
|
|
||||||
# cache_swap.sh
|
# cache_swap.sh
|
||||||
Requires: bash gawk
|
Requires: bash gawk
|
||||||
@ -120,6 +122,7 @@ lookup program (dnsserver), a program for retrieving FTP data
|
|||||||
%patch208 -p1 -b .test-store-cpp
|
%patch208 -p1 -b .test-store-cpp
|
||||||
|
|
||||||
%patch501 -p1 -b .CVE-2021-46784
|
%patch501 -p1 -b .CVE-2021-46784
|
||||||
|
%patch502 -p1 -b .CVE-2022-41318
|
||||||
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1679526
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1679526
|
||||||
# Patch in the vendor documentation and used different location for documentation
|
# Patch in the vendor documentation and used different location for documentation
|
||||||
@ -351,6 +354,10 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Wed Sep 28 2022 Luboš Uhliarik <luhliari@redhat.com> - 7:5.2-1.2
|
||||||
|
- Resolves: #2130251 - CVE-2022-41318 squid: buffer-over-read in SSPI and SMB
|
||||||
|
authentication
|
||||||
|
|
||||||
* Tue Jun 28 2022 Luboš Uhliarik <luhliari@redhat.com> - 7:5.2-1.1
|
* Tue Jun 28 2022 Luboš Uhliarik <luhliari@redhat.com> - 7:5.2-1.1
|
||||||
- Resolves: #2100784 - CVE-2021-46784 squid: DoS when processing gopher server
|
- Resolves: #2100784 - CVE-2021-46784 squid: DoS when processing gopher server
|
||||||
responses
|
responses
|
||||||
|
Loading…
Reference in New Issue
Block a user