From 887d4651fb3114815b5964fa227f94a454abb46c Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Lubo=C5=A1=20Uhliarik?= Date: Tue, 21 Oct 2025 12:43:02 +0200 Subject: [PATCH] Follow-up for RHEL-122484 - attached wrong patch Resolves: RHEL-122484 - squid: Squid vulnerable to information disclosure via authentication credential leakage in error handling (CVE-2025-62168) --- squid-4.15-CVE-2025-62168.patch | 52 +++++++++++++++++++++++++-------- squid.spec | 4 +-- 2 files changed, 42 insertions(+), 14 deletions(-) diff --git a/squid-4.15-CVE-2025-62168.patch b/squid-4.15-CVE-2025-62168.patch index 7baac58..f31a89d 100644 --- a/squid-4.15-CVE-2025-62168.patch +++ b/squid-4.15-CVE-2025-62168.patch @@ -60,7 +60,7 @@ index d55b870..7b18b0e 100644 NAME: deny_info diff --git a/src/client_side_reply.cc b/src/client_side_reply.cc -index fea5ecb..93692c3 100644 +index fea5ecb..c7dc756 100644 --- a/src/client_side_reply.cc +++ b/src/client_side_reply.cc @@ -100,7 +100,7 @@ clientReplyContext::clientReplyContext(ClientHttpRequest *clientContext) : @@ -82,7 +82,7 @@ index fea5ecb..93692c3 100644 #if USE_AUTH errstate->auth_user_request = auth_user_request; #endif -@@ -1078,11 +1075,14 @@ clientReplyContext::traceReply() +@@ -1078,10 +1075,13 @@ clientReplyContext::traceReply() triggerInitialStoreRead(); http->storeEntry()->releaseRequest(); http->storeEntry()->buffer(); @@ -92,19 +92,25 @@ index fea5ecb..93692c3 100644 HttpReply *rep = new HttpReply; - rep->setHeaders(Http::scOkay, NULL, "text/plain", http->request->prefixLen(), 0, squid_curtime); + rep->setHeaders(Http::scOkay, NULL, "message/http", content.contentSize(), 0, squid_curtime); -+ rep->body.set(SBuf(content.buf, content.size)); ++ rep->body.setMb(&content); http->storeEntry()->replaceHttpReply(rep); - http->request->swapOut(http->storeEntry()); -- http->storeEntry()->complete(); -+ http->storeEntry()->completeSuccessfully("traceReply() stored the entire response"); + http->storeEntry()->complete(); } - #define SENDING_BODY 0 
diff --git a/src/errorpage.cc b/src/errorpage.cc -index 72be100..36ce593 100644 +index 72be100..c1f3b25 100644 --- a/src/errorpage.cc +++ b/src/errorpage.cc -@@ -678,7 +678,6 @@ ErrorState::~ErrorState() +@@ -575,7 +575,6 @@ ErrorState::ErrorState(err_type t, Http::StatusCode status, HttpRequest * req) : + redirect_url(NULL), + callback(NULL), + callback_data(NULL), +- request_hdrs(NULL), + err_msg(NULL), + #if USE_OPENSSL + detail(NULL), +@@ -678,7 +677,6 @@ ErrorState::~ErrorState() HTTPMSGUNLOCK(request); safe_free(redirect_url); safe_free(url); @@ -112,10 +118,15 @@ index 72be100..36ce593 100644 wordlistDestroy(&ftp.server_msg); safe_free(ftp.request); safe_free(ftp.reply); -@@ -742,7 +741,10 @@ ErrorState::Dump(MemBuf * mb) - SQUIDSBUFPRINT(request->url.path()), - AnyP::ProtocolType_str[request->http_ver.protocol], - request->http_ver.major, request->http_ver.minor); +@@ -737,12 +735,10 @@ ErrorState::Dump(MemBuf * mb) + /* - HTTP stuff */ + str.append("HTTP Request:\r\n", 15); + if (request) { +- str.appendf(SQUIDSBUFPH " " SQUIDSBUFPH " %s/%d.%d\n", +- SQUIDSBUFPRINT(request->method.image()), +- SQUIDSBUFPRINT(request->url.path()), +- AnyP::ProtocolType_str[request->http_ver.protocol], +- request->http_ver.major, request->http_ver.minor); - request->header.packInto(&str); + MemBuf r; + r.init(); @@ -124,6 +135,23 @@ index 72be100..36ce593 100644 } str.append("\r\n", 2); +@@ -961,15 +957,8 @@ ErrorState::Convert(char token, bool building_deny_info_url, bool allowRecursion + p = "[no request]"; + break; + } +- if (request != NULL) { +- mb.appendf(SQUIDSBUFPH " " SQUIDSBUFPH " %s/%d.%d\n", +- SQUIDSBUFPRINT(request->method.image()), +- SQUIDSBUFPRINT(request->url.path()), +- AnyP::ProtocolType_str[request->http_ver.protocol], +- request->http_ver.major, request->http_ver.minor); ++ else if (request) { + request->header.packInto(&mb, true); //hide authorization data +- } else if (request_hdrs) { +- p = request_hdrs; + } else { + p = "[no request]"; + } 
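Review bot: In the clientReplyContext::traceReply() hunk, `rep->body.setMb(&content);` gives the reply body the address of `content`, and the dot access in the line it replaces (`content.buf`, `content.size`) suggests `content` is an object rather than a heap pointer; its declaration sits in patch lines outside this hunk. If it is a function-local MemBuf and setMb() in this 4.15 tree adopts the pointer rather than copying the bytes, the stored TRACE reply would keep pointing at a buffer that is destroyed when traceReply() returns, which would be a memory-safety regression inside a CVE fix. Please confirm setMb()'s ownership contract; if it adopts the buffer, allocate it on the heap and hand it over, e.g. `MemBuf *content = new MemBuf;`, `content->init();`, `rep->body.setMb(content);`. Sending a TRACE request through an AddressSanitizer build would confirm either way.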
diff --git a/src/errorpage.h b/src/errorpage.h index 332e507..bf61b4d 100644 --- a/src/errorpage.h diff --git a/squid.spec b/squid.spec index d44bdb4..c2d24a0 100644 --- a/squid.spec +++ b/squid.spec @@ -2,7 +2,7 @@ Name: squid Version: 4.15 -Release: 10%{?dist}.7 +Release: 10%{?dist}.8 Summary: The Squid proxy caching server Epoch: 7 # See CREDITS for breakdown of non GPLv2+ code @@ -378,7 +378,7 @@ fi %changelog -* Mon Oct 20 2025 Luboš Uhliarik - 7:4.15-10.7 +* Mon Oct 20 2025 Luboš Uhliarik - 7:4.15-10.8 - Resolves: RHEL-122484 - squid: Squid vulnerable to information disclosure via authentication credential leakage in error handling (CVE-2025-62168)
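Review bot: In the ErrorState::Convert() hunk, the `%R` branch stops writing the request line: the `mb.appendf(...)` call that emitted method, path and protocol version is removed while the unchanged `request->header.packInto(&mb, true);` stays, so as far as this hunk shows the token now expands to the masked header fields only. If that is intended, it deserves a changelog or documentation line because error templates using %R will render differently; if not, the request line should be restored ahead of the masked header dump. The ErrorState::Dump() hunk removes the same `appendf`, and its replacement after `r.init();` lies outside the visible lines, so it is worth checking that both places produce the same shape of output. As a style point, `else if (request) {` is chained onto a block that ends in `break;`, so a plain `if (request) {` would read more clearly. The case body continues outside the hunk.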