- Fix Bug 5318: peer_digest.cc:399: "fetch->pd && receivedData.data" (#1584)

This commit is contained in:
Eduard Abdullin 2024-03-06 15:38:53 +03:00
parent 4533dd2e0d
commit d2ec548d86
2 changed files with 54 additions and 1 deletions

View File

@ -0,0 +1,46 @@
From b6c01a2031944125b8cc6974f598c2cd66f0cee4 Mon Sep 17 00:00:00 2001
From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Mon, 20 Nov 2023 23:05:00 +0000
Subject: [PATCH] Bug 5318: peer_digest.cc:399: "fetch->pd &&
receivedData.data" (#1584)
Recent commit 122a6e3 removed HTTP response headers from store_client
responses. That removal created the possibility of an empty
StoreIOBuffer at the beginning of the feeding sequence. Pending Bug 5317
fix will make such buffers even more frequent. Existing store_client
recipients have varying requirements with regard to empty response
buffers, as documented in store_client::finishCallback(). We missed this
requirement conflict in Cache Digest code. This fix adjusts Cache
Digests code to be compatible with empty StoreIOBuffer representation in
current store_client code.
---
src/peer_digest.cc | 6 +++---
1 file changed, 3 insertions(+), 3 deletions(-)
diff --git a/src/peer_digest.cc b/src/peer_digest.cc
index e29614afd2c..7d290cc9013 100644
--- a/src/peer_digest.cc
+++ b/src/peer_digest.cc
@@ -349,11 +349,11 @@ peerDigestHandleReply(void *data, StoreIOBuffer receivedData)
return;
}
- assert(fetch->pd && receivedData.data);
+ assert(fetch->pd);
/* The existing code assumes that the received pointer is
* where we asked the data to be put
*/
- assert(fetch->buf + fetch->bufofs == receivedData.data);
+ assert(!receivedData.data || fetch->buf + fetch->bufofs == receivedData.data);
/* Update the buffer size */
fetch->bufofs += receivedData.length;
@@ -635,7 +635,7 @@ peerDigestFetchedEnough(DigestFetchState * fetch, char *buf, ssize_t size, const
}
/* continue checking (maybe-successful eof case) */
- if (!reason && !size) {
+ if (!reason && !size && fetch->state != DIGEST_READ_REPLY) {
if (!pd->cd)
reason = "null digest?!";
else if (fetch->mask_offset != pd->cd->mask_size)

View File

@ -2,7 +2,7 @@
Name: squid Name: squid
Version: 4.15 Version: 4.15
Release: 7%{?dist}.5 Release: 7%{?dist}.5.alma.1
Summary: The Squid proxy caching server Summary: The Squid proxy caching server
Epoch: 7 Epoch: 7
# See CREDITS for breakdown of non GPLv2+ code # See CREDITS for breakdown of non GPLv2+ code
@ -66,6 +66,8 @@ Patch1008: squid-4.15-CVE-2023-46724.patch
Patch1009: squid-4.15-CVE-2023-46728.patch Patch1009: squid-4.15-CVE-2023-46728.patch
Patch1010: squid-4.15-CVE-2023-49285.patch Patch1010: squid-4.15-CVE-2023-49285.patch
Patch1011: squid-4.15-CVE-2023-49286.patch Patch1011: squid-4.15-CVE-2023-49286.patch
# https://github.com/squid-cache/squid/commit/b6c01a2031944125b8cc6974f598c2cd66f0cee4
Patch1012: Bug-5318-fetch-pdreceivedData-data.patch
Requires: bash >= 2.0 Requires: bash >= 2.0
@ -150,6 +152,7 @@ lookup program (dnsserver), a program for retrieving FTP data
%patch1009 -p1 %patch1009 -p1
%patch1010 -p1 %patch1010 -p1
%patch1011 -p1 %patch1011 -p1
%patch1012 -p1
# https://bugzilla.redhat.com/show_bug.cgi?id=1679526 # https://bugzilla.redhat.com/show_bug.cgi?id=1679526
# Patch in the vendor documentation and used different location for documentation # Patch in the vendor documentation and used different location for documentation
@ -366,6 +369,10 @@ fi
%changelog %changelog
* Wed Mar 06 2024 Eduard Abdullin <eabdullin@almalinux.org> - 7:4.15-7.5.alma.1
- Fix Bug 5318: peer_digest.cc:399: "fetch->pd &&
receivedData.data" (#1584)
* Wed Jan 03 2024 Tianyue Lan <tianyue.lan@oracle.com> - 7:4.15-7.5 * Wed Jan 03 2024 Tianyue Lan <tianyue.lan@oracle.com> - 7:4.15-7.5
- Fix squid: Denial of Service in SSL Certificate validation (CVE-2023-46724) - Fix squid: Denial of Service in SSL Certificate validation (CVE-2023-46724)
- Fix squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728) - Fix squid: NULL pointer dereference in the gopher protocol code (CVE-2023-46728)