squid/squid-3.5-13981.patch
Luboš Uhliarik 031f48e6bd Resolves: #1308866 - CVE-2016-2390 squid: incorrect server error
handling resulting in denial of service
2016-03-01 12:42:04 +01:00

------------------------------------------------------------
revno: 13981
revision-id: squid3@treenet.co.nz-20160213062427-jz0en4qyajeqpa7x
parent: squid3@treenet.co.nz-20160212045102-ivwab8s8p2gi32fv
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4437
author: Christos Tsantilas <chtsanti@users.sourceforge.net>
committer: Amos Jeffries <squid3@treenet.co.nz>
branch nick: 3.5
timestamp: Sat 2016-02-13 19:24:27 +1300
message:
Bug 4437: Fix Segfault on Certain SSL Handshake Errors
Squid after an unsuccessful try to connect to the remote server may make two
concurrent retries to connect to the remote SSL server, calling twice the
FwdState::retryOrBail() method, which may result in unexpected behaviour.
Prevent this by just closing the connection to the remote SSL server inside
FwdState::connectedToPeer method on error and instead of calling the
FwdState::retryOrBail method, just allow comm_close handler to retry the
connection if required.
This is a Measurement Factory project
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160213062427-jz0en4qyajeqpa7x
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: f22a644062f4d8c8a13897b396197ea7b44b4231
# timestamp: 2016-02-13 06:53:09 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160212045102-\
# ivwab8s8p2gi32fv
#
# Begin patch
=== modified file 'src/FwdState.cc'
--- src/FwdState.cc 2016-01-31 05:39:09 +0000
+++ src/FwdState.cc 2016-02-13 06:24:27 +0000
@@ -719,7 +719,7 @@
answer.error.clear(); // preserve error for errorSendComplete()
if (CachePeer *p = serverConnection()->getPeer())
peerConnectFailed(p);
- retryOrBail();
+ serverConnection()->close();
return;
}
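Review bot: The new `serverConnection()->close();` line at the end of this error branch carries no comment saying that the retry is now left to the comm_close handler, so a later reader could take the missing `retryOrBail()` call for an oversight and restore it, bringing back the double retry the commit message describes. A one-line comment above the close() stating that the close handler decides whether to retry would prevent that. Nothing in the hunk checks that the connection is still open or that a close handler is registered on it before close() is called, so it is worth confirming both hold on every path that reaches this branch; otherwise the request could end with neither a retry nor an error reply.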