Security patch for Squid advisory 2010:1, denial of service.

Submitted by: maintainer (Thomas-Martin Seck <tmseck web de>)
svn path=/head/; revision=249050
2010-02-01 20:25:56 +00:00 · 2010-02-01 20:25:56 +00:00 · 3f1f30c23c · 2021-03-31 03:12:20 +00:00
commit 3f1f30c23c
parent fb1abdada3
3 changed files with 70 additions and 1 deletions
--- a/security/vuxml/vuln.xml
+++ b/security/vuxml/vuln.xml
@ -34,6 +34,37 @@ Note:  Please add new entries to the beginning of this file.

 -->
 <vuxml xmlns="http://www.vuxml.org/apps/vuxml-1">
+  <vuln vid="296ecb59-0f6b-11df-8bab-0019996bc1f7">
+    <topic>squid -- Denial of Service vulnerability in DNS handling</topic>
+    <affects>
+      <package>
+	<name>squid</name>
+	<range><ge>2.7.1</ge><lt>2.7.7_3</lt></range>
+	<range><ge>3.0.1</ge><lt>3.0.22</lt></range>
+	<range><ge>3.1.0.1</ge><lt>3.1.0.16</lt></range>
+       </package>
+    </affects>
+    <description>
+      <body xmlns="http://www.w3.org/1999/xhtml">
+	<p>Squid security advisory 2010:1 reports:</p>
+	<blockquote cite="http://www.squid-cache.org/Advisories/SQUID-2010_1.txt">
+	  <p>Due to incorrect data validation Squid is vulnerable to a denial
+	    of service attack when processing specially crafted DNS packets.</p>
+	  <p>This problem allows any trusted client or external server who can
+	    determine the squid receiving port to perform a short-term denial
+	    of service attack on the Squid service.</p>
+	</blockquote>
+      </body>
+    </description>
+    <references>
+      <url>http://www.squid-cache.org/Advisories/SQUID-2010_1.txt</url>
+    </references>
+    <dates>
+      <discovery>2010-01-14</discovery>
+      <entry>2010-02-01</entry>
+    </dates>
+  </vuln>
+
  <vuln vid="696053c6-0f50-11df-a628-001517351c22">
    <topic>bugzilla -- information leak</topic>
    <affects>
--- a/www/squid/Makefile
+++ b/www/squid/Makefile
@ -76,7 +76,7 @@

 PORTNAME=	squid
 PORTVERSION=	2.7.${SQUID_STABLE_VER}
-PORTREVISION=	2
+PORTREVISION=	3
 CATEGORIES=	www
 MASTER_SITES=	ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
 		ftp://mirrors.24-7-solutions.net/pub/squid/%SUBDIR%/ \
--- a/www/squid/files/patch-squid-advisory-2010:1
+++ b/www/squid/files/patch-squid-advisory-2010:1
@ -0,0 +1,38 @@
+FreeBSD-Patch for Squid-Advisory 2010:1, prepared by Thomas-Martin Seck,
+<tmseck@web.de>, 2010-02-01.
+
+Removed one directory level and the first hunk with CVS meta-information
+from the original patch. The original patch can be downloaded from:
+http://www.squid-cache.org/Versions/v2/HEAD/changesets/12597.patch
+
+---------------------
+PatchSet 12597 
+Date: 2010/01/15 11:40:30
+Author: amosjeffries
+Branch: HEAD
+Tag: (none) 
+Log:
+Handle DNS header-only packets as invalid.
+
+Members: 
+	lib/rfc1035.c:1.30->1.31 
+
+Index: lib/rfc1035.c
+===================================================================
+RCS file: /cvsroot/squid/squid/lib/rfc1035.c,v
+retrieving revision 1.30
+retrieving revision 1.31
+diff -u -r1.30 -r1.31
+--- lib/rfc1035.c	15 Jun 2008 03:49:55 -0000	1.30
+++ lib/rfc1035.c	15 Jan 2010 11:40:30 -0000	1.31
+@@ -286,7 +286,9 @@
+     size_t len;
+     assert(ns > 0);
+     do {
+-	assert((*off) < sz);
+	if ((*off) >= sz) {
+	    return 1;
+	}
+ 	c = *(buf + (*off));
+ 	if (c > 191) {
+ 	    /* blasted compression */