import squid-4.15-3.module+el8.6.0+15801+8fa20c64.1
This commit is contained in:
parent
132f26e366
commit
e37193a02a
129
SOURCES/squid-4.15-CVE-2021-46784.patch
Normal file
129
SOURCES/squid-4.15-CVE-2021-46784.patch
Normal file
@ -0,0 +1,129 @@
|
|||||||
|
From 780c4ea1b4c9d2fb41f6962aa6ed73ae57f74b2b Mon Sep 17 00:00:00 2001
|
||||||
|
From: Joshua Rogers <MegaManSec@users.noreply.github.com>
|
||||||
|
Date: Mon, 18 Apr 2022 13:42:36 +0000
|
||||||
|
Subject: [PATCH] Improve handling of Gopher responses (#1022)
|
||||||
|
|
||||||
|
---
|
||||||
|
src/gopher.cc | 45 ++++++++++++++++++++-------------------------
|
||||||
|
1 file changed, 20 insertions(+), 25 deletions(-)
|
||||||
|
|
||||||
|
diff --git a/src/gopher.cc b/src/gopher.cc
|
||||||
|
index 169b0e18299..6187da18bcd 100644
|
||||||
|
--- a/src/gopher.cc
|
||||||
|
+++ b/src/gopher.cc
|
||||||
|
@@ -371,7 +371,6 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len)
|
||||||
|
char *lpos = NULL;
|
||||||
|
char *tline = NULL;
|
||||||
|
LOCAL_ARRAY(char, line, TEMP_BUF_SIZE);
|
||||||
|
- LOCAL_ARRAY(char, tmpbuf, TEMP_BUF_SIZE);
|
||||||
|
char *name = NULL;
|
||||||
|
char *selector = NULL;
|
||||||
|
char *host = NULL;
|
||||||
|
@@ -381,7 +380,6 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len)
|
||||||
|
char gtype;
|
||||||
|
StoreEntry *entry = NULL;
|
||||||
|
|
||||||
|
- memset(tmpbuf, '\0', TEMP_BUF_SIZE);
|
||||||
|
memset(line, '\0', TEMP_BUF_SIZE);
|
||||||
|
|
||||||
|
entry = gopherState->entry;
|
||||||
|
@@ -416,7 +414,7 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len)
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
||||||
|
- String outbuf;
|
||||||
|
+ SBuf outbuf;
|
||||||
|
|
||||||
|
if (!gopherState->HTML_header_added) {
|
||||||
|
if (gopherState->conversion == GopherStateData::HTML_CSO_RESULT)
|
||||||
|
@@ -583,34 +581,34 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len)
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
- memset(tmpbuf, '\0', TEMP_BUF_SIZE);
|
||||||
|
-
|
||||||
|
if ((gtype == GOPHER_TELNET) || (gtype == GOPHER_3270)) {
|
||||||
|
if (strlen(escaped_selector) != 0)
|
||||||
|
- snprintf(tmpbuf, TEMP_BUF_SIZE, "<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"telnet://%s@%s%s%s/\">%s</A>\n",
|
||||||
|
- icon_url, escaped_selector, rfc1738_escape_part(host),
|
||||||
|
- *port ? ":" : "", port, html_quote(name));
|
||||||
|
+ outbuf.appendf("<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"telnet://%s@%s%s%s/\">%s</A>\n",
|
||||||
|
+ icon_url, escaped_selector, rfc1738_escape_part(host),
|
||||||
|
+ *port ? ":" : "", port, html_quote(name));
|
||||||
|
else
|
||||||
|
- snprintf(tmpbuf, TEMP_BUF_SIZE, "<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"telnet://%s%s%s/\">%s</A>\n",
|
||||||
|
- icon_url, rfc1738_escape_part(host), *port ? ":" : "",
|
||||||
|
- port, html_quote(name));
|
||||||
|
+ outbuf.appendf("<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"telnet://%s%s%s/\">%s</A>\n",
|
||||||
|
+ icon_url, rfc1738_escape_part(host), *port ? ":" : "",
|
||||||
|
+ port, html_quote(name));
|
||||||
|
|
||||||
|
} else if (gtype == GOPHER_INFO) {
|
||||||
|
- snprintf(tmpbuf, TEMP_BUF_SIZE, "\t%s\n", html_quote(name));
|
||||||
|
+ outbuf.appendf("\t%s\n", html_quote(name));
|
||||||
|
} else {
|
||||||
|
if (strncmp(selector, "GET /", 5) == 0) {
|
||||||
|
/* WWW link */
|
||||||
|
- snprintf(tmpbuf, TEMP_BUF_SIZE, "<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"http://%s/%s\">%s</A>\n",
|
||||||
|
- icon_url, host, rfc1738_escape_unescaped(selector + 5), html_quote(name));
|
||||||
|
+ outbuf.appendf("<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"http://%s/%s\">%s</A>\n",
|
||||||
|
+ icon_url, host, rfc1738_escape_unescaped(selector + 5), html_quote(name));
|
||||||
|
+ } else if (gtype == GOPHER_WWW) {
|
||||||
|
+ outbuf.appendf("<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"gopher://%s/%c%s\">%s</A>\n",
|
||||||
|
+ icon_url, rfc1738_escape_unescaped(selector), html_quote(name));
|
||||||
|
} else {
|
||||||
|
/* Standard link */
|
||||||
|
- snprintf(tmpbuf, TEMP_BUF_SIZE, "<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"gopher://%s/%c%s\">%s</A>\n",
|
||||||
|
- icon_url, host, gtype, escaped_selector, html_quote(name));
|
||||||
|
+ outbuf.appendf("<IMG border=\"0\" SRC=\"%s\"> <A HREF=\"gopher://%s/%c%s\">%s</A>\n",
|
||||||
|
+ icon_url, host, gtype, escaped_selector, html_quote(name));
|
||||||
|
}
|
||||||
|
}
|
||||||
|
|
||||||
|
safe_free(escaped_selector);
|
||||||
|
- outbuf.append(tmpbuf);
|
||||||
|
} else {
|
||||||
|
memset(line, '\0', TEMP_BUF_SIZE);
|
||||||
|
continue;
|
||||||
|
@@ -643,13 +641,12 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len)
|
||||||
|
break;
|
||||||
|
|
||||||
|
if (gopherState->cso_recno != recno) {
|
||||||
|
- snprintf(tmpbuf, TEMP_BUF_SIZE, "</PRE><HR noshade size=\"1px\"><H2>Record# %d<br><i>%s</i></H2>\n<PRE>", recno, html_quote(result));
|
||||||
|
+ outbuf.appendf("</PRE><HR noshade size=\"1px\"><H2>Record# %d<br><i>%s</i></H2>\n<PRE>", recno, html_quote(result));
|
||||||
|
gopherState->cso_recno = recno;
|
||||||
|
} else {
|
||||||
|
- snprintf(tmpbuf, TEMP_BUF_SIZE, "%s\n", html_quote(result));
|
||||||
|
+ outbuf.appendf("%s\n", html_quote(result));
|
||||||
|
}
|
||||||
|
|
||||||
|
- outbuf.append(tmpbuf);
|
||||||
|
break;
|
||||||
|
} else {
|
||||||
|
int code;
|
||||||
|
@@ -677,8 +674,7 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len)
|
||||||
|
|
||||||
|
case 502: { /* Too Many Matches */
|
||||||
|
/* Print the message the server returns */
|
||||||
|
- snprintf(tmpbuf, TEMP_BUF_SIZE, "</PRE><HR noshade size=\"1px\"><H2>%s</H2>\n<PRE>", html_quote(result));
|
||||||
|
- outbuf.append(tmpbuf);
|
||||||
|
+ outbuf.appendf("</PRE><HR noshade size=\"1px\"><H2>%s</H2>\n<PRE>", html_quote(result));
|
||||||
|
break;
|
||||||
|
}
|
||||||
|
|
||||||
|
@@ -694,13 +690,12 @@ gopherToHTML(GopherStateData * gopherState, char *inbuf, int len)
|
||||||
|
|
||||||
|
} /* while loop */
|
||||||
|
|
||||||
|
- if (outbuf.size() > 0) {
|
||||||
|
- entry->append(outbuf.rawBuf(), outbuf.size());
|
||||||
|
+ if (outbuf.length() > 0) {
|
||||||
|
+ entry->append(outbuf.rawContent(), outbuf.length());
|
||||||
|
/* now let start sending stuff to client */
|
||||||
|
entry->flush();
|
||||||
|
}
|
||||||
|
|
||||||
|
- outbuf.clean();
|
||||||
|
return;
|
||||||
|
}
|
||||||
|
|
@ -2,7 +2,7 @@
|
|||||||
|
|
||||||
Name: squid
|
Name: squid
|
||||||
Version: 4.15
|
Version: 4.15
|
||||||
Release: 3%{?dist}
|
Release: 3%{?dist}.1
|
||||||
Summary: The Squid proxy caching server
|
Summary: The Squid proxy caching server
|
||||||
Epoch: 7
|
Epoch: 7
|
||||||
# See CREDITS for breakdown of non GPLv2+ code
|
# See CREDITS for breakdown of non GPLv2+ code
|
||||||
@ -40,6 +40,8 @@ Patch209: squid-4.15-ftp-filename-extraction.patch
|
|||||||
# Security fixes
|
# Security fixes
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1941506
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1941506
|
||||||
Patch300: squid-4.15-CVE-2021-28116.patch
|
Patch300: squid-4.15-CVE-2021-28116.patch
|
||||||
|
# https://bugzilla.redhat.com/show_bug.cgi?id=2100721
|
||||||
|
Patch301: squid-4.15-CVE-2021-46784.patch
|
||||||
|
|
||||||
Requires: bash >= 2.0
|
Requires: bash >= 2.0
|
||||||
Requires(pre): shadow-utils
|
Requires(pre): shadow-utils
|
||||||
@ -103,6 +105,7 @@ lookup program (dnsserver), a program for retrieving FTP data
|
|||||||
|
|
||||||
# Security patches
|
# Security patches
|
||||||
%patch300 -p1 -b .CVE-2021-28116
|
%patch300 -p1 -b .CVE-2021-28116
|
||||||
|
%patch301 -p1 -b .CVE-2021-46784
|
||||||
|
|
||||||
# https://bugzilla.redhat.com/show_bug.cgi?id=1679526
|
# https://bugzilla.redhat.com/show_bug.cgi?id=1679526
|
||||||
# Patch in the vendor documentation and used different location for documentation
|
# Patch in the vendor documentation and used different location for documentation
|
||||||
@ -319,6 +322,10 @@ fi
|
|||||||
|
|
||||||
|
|
||||||
%changelog
|
%changelog
|
||||||
|
* Tue Jun 28 2022 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-3.1
|
||||||
|
- Resolves: #2100782 - CVE-2021-46784 squid:4/squid: DoS when processing gopher
|
||||||
|
server responses
|
||||||
|
|
||||||
* Wed Feb 09 2022 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-3
|
* Wed Feb 09 2022 Luboš Uhliarik <luhliari@redhat.com> - 7:4.15-3
|
||||||
- Resolves: #1941506 - CVE-2021-28116 squid:4/squid: out-of-bounds read in WCCP
|
- Resolves: #1941506 - CVE-2021-28116 squid:4/squid: out-of-bounds read in WCCP
|
||||||
protocol data may lead to information disclosure
|
protocol data may lead to information disclosure
|
||||||
|
Loading…
Reference in New Issue
Block a user