Security patch for Squid advisory 2010:1, denial of service.
Submitted by: maintainer (Thomas-Martin Seck <tmseck web de>)
This commit is contained in:
parent
fb1abdada3
commit
3f1f30c23c
Notes:
svn2git
2021-03-31 03:12:20 +00:00
svn path=/head/; revision=249050
3 changed files with 70 additions and 1 deletions
|
@ -34,6 +34,37 @@ Note: Please add new entries to the beginning of this file.
|
|||
|
||||
-->
|
||||
<vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
|
||||
<vuln vid="296ecb59-0f6b-11df-8bab-0019996bc1f7">
|
||||
<topic>squid -- Denial of Service vulnerability in DNS handling</topic>
|
||||
<affects>
|
||||
<package>
|
||||
<name>squid</name>
|
||||
<range><ge>2.7.1</ge><lt>2.7.7_3</lt></range>
|
||||
<range><ge>3.0.1</ge><lt>3.0.22</lt></range>
|
||||
<range><ge>3.1.0.1</ge><lt>3.1.0.16</lt></range>
|
||||
</package>
|
||||
</affects>
|
||||
<description>
|
||||
<body xmlns="http://www.w3.org/1999/xhtml">
|
||||
<p>Squid security advisory 2010:1 reports:</p>
|
||||
<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2010_1.txt">
|
||||
<p>Due to incorrect data validation Squid is vulnerable to a denial
|
||||
of service attack when processing specially crafted DNS packets.</p>
|
||||
<p>This problem allows any trusted client or external server who can
|
||||
determine the squid receiving port to perform a short-term denial
|
||||
of service attack on the Squid service.</p>
|
||||
</blockquote>
|
||||
</body>
|
||||
</description>
|
||||
<references>
|
||||
<url>http://www.squid-cache.org/Advisories/SQUID-2010_1.txt</url>
|
||||
</references>
|
||||
<dates>
|
||||
<discovery>2010-01-14</discovery>
|
||||
<entry>2010-02-01</entry>
|
||||
</dates>
|
||||
</vuln>
|
||||
|
||||
<vuln vid="696053c6-0f50-11df-a628-001517351c22">
|
||||
<topic>bugzilla -- information leak</topic>
|
||||
<affects>
|
||||
|
|
|
@ -76,7 +76,7 @@
|
|||
|
||||
PORTNAME= squid
|
||||
PORTVERSION= 2.7.${SQUID_STABLE_VER}
|
||||
PORTREVISION= 2
|
||||
PORTREVISION= 3
|
||||
CATEGORIES= www
|
||||
MASTER_SITES= ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
|
||||
ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
|
||||
|
|
38
www/squid/files/patch-squid-advisory-2010:1
Normal file
38
www/squid/files/patch-squid-advisory-2010:1
Normal file
|
@ -0,0 +1,38 @@
|
|||
FreeBSD-Patch for Squid-Advisory 2010:1, prepared by Thomas-Martin Seck,
|
||||
<tmseck@web.de>, 2010-02-01.
|
||||
|
||||
Removed one directory level and the first hunk with CVS meta-information
|
||||
from the original patch. The original patch can be downloaded from:
|
||||
http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch
|
||||
|
||||
---------------------
|
||||
PatchSet 12597
|
||||
Date: 2010/01/15 11:40:30
|
||||
Author: amosjeffries
|
||||
Branch: HEAD
|
||||
Tag: (none)
|
||||
Log:
|
||||
Handle DNS header-only packets as invalid.
|
||||
|
||||
Members:
|
||||
lib/rfc1035.c:1.30->1.31
|
||||
|
||||
Index: lib/rfc1035.c
|
||||
===================================================================
|
||||
RCS file: /cvsroot/squid/squid/lib/rfc1035.c,v
|
||||
retrieving revision 1.30
|
||||
retrieving revision 1.31
|
||||
diff -u -r1.30 -r1.31
|
||||
--- lib/rfc1035.c 15 Jun 2008 03:49:55 -0000 1.30
|
||||
+++ lib/rfc1035.c 15 Jan 2010 11:40:30 -0000 1.31
|
||||
@@ -286,7 +286,9 @@
|
||||
size_t len;
|
||||
assert(ns > 0);
|
||||
do {
|
||||
- assert((*off) < sz);
|
||||
+ if ((*off) >= sz) {
|
||||
+ return 1;
|
||||
+ }
|
||||
c = *(buf + (*off));
|
||||
if (c > 191) {
|
||||
/* blasted compression */
|
Loading…
Reference in a new issue