commit 8fcff9c09824b18628f010d26a04247f6a6cbcb8
Author: Alex Rousskov <rousskov@measurement-factory.com>
Date:   Sun Nov 12 09:33:20 2023 +0000

    Do not update StoreEntry expiration after errorAppendEntry() (#1580)
    
    errorAppendEntry() is responsible for setting entry expiration times,
    which it does by calling StoreEntry::storeErrorResponse() that calls
    StoreEntry::negativeCache().
    
    This change was triggered by a vulnerability report by Joshua Rogers at
    https://megamansec.github.io/Squid-Security-Audit/cache-uaf.html where
    it was filed as "Use-After-Free in Cache Manager Errors". The reported
    "use after free" vulnerability was unknowingly addressed by 2022 commit
    1fa761a that removed excessively long "reentrant" store_client calls
    responsible for the disappearance of the properly locked StoreEntry in
    this (and probably other) contexts.


diff --git a/src/cache_manager.cc b/src/cache_manager.cc
index 8055ece..fdcc9cf 100644
--- a/src/cache_manager.cc
+++ b/src/cache_manager.cc
@@ -323,7 +323,6 @@ CacheManager::Start(const Comm::ConnectionPointer &client, HttpRequest * request
         const auto err = new ErrorState(ERR_INVALID_URL, Http::scNotFound, request);
         err->url = xstrdup(entry->url());
         errorAppendEntry(entry, err);
-        entry->expires = squid_curtime;
         return;
     }