squid/squid-5.5-CVE-2023-46724.patch
Luboš Uhliarik 203568450c Resolves: RHEL-18354 - squid: Buffer over-read in the HTTP Message processing
feature (CVE-2023-49285)
Resolves: RHEL-18345 - squid: Incorrect Check of Function Return Value In
  Helper Process management (CVE-2023-49286)
Resolves: RHEL-18146 - squid crashes in assertion when a parent peer exists
Resolves: RHEL-18231 - squid: Denial of Service in SSL Certificate validation
  (CVE-2023-46724)
Resolves: RHEL-15912 - squid: NULL pointer dereference in the gopher protocol
  code (CVE-2023-46728)
2024-02-01 16:47:43 +01:00

25 lines
794 B
Diff

diff --git a/src/anyp/Uri.cc b/src/anyp/Uri.cc
index 20b9bf1..81ebb18 100644
--- a/src/anyp/Uri.cc
+++ b/src/anyp/Uri.cc
@@ -173,6 +173,10 @@ urlInitialize(void)
assert(0 == matchDomainName("*.foo.com", ".foo.com", mdnHonorWildcards));
assert(0 != matchDomainName("*.foo.com", "foo.com", mdnHonorWildcards));
+ assert(0 != matchDomainName("foo.com", ""));
+ assert(0 != matchDomainName("foo.com", "", mdnHonorWildcards));
+ assert(0 != matchDomainName("foo.com", "", mdnRejectSubsubDomains));
+
/* more cases? */
}
@@ -756,6 +760,8 @@ matchDomainName(const char *h, const char *d, MatchDomainNameFlags flags)
return -1;
dl = strlen(d);
+ if (dl == 0)
+ return 1;
/*
* Start at the ends of the two strings and work towards the