Add a patch for SQUID-2012_1.txt.

Bump PKGREVISION.
2012-12-17 13:36:21 +00:00 · 2012-12-17 13:36:21 +00:00 · 9ee050a30d
commit 9ee050a30d
parent 7c9a8eddb4
3 changed files with 131 additions and 3 deletions
--- a/www/squid27/Makefile
+++ b/www/squid27/Makefile
@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.19 2012/12/16 01:52:39 obache Exp $
+# $NetBSD: Makefile,v 1.20 2012/12/17 13:36:21 taca Exp $

 DISTNAME=	squid-2.7.STABLE9
-PKGREVISION=	4
+PKGREVISION=	5

 PKGNAME=	${DISTNAME:S/STABLE//}
 CATEGORIES=	www
--- a/www/squid27/distinfo
+++ b/www/squid27/distinfo
@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.13 2012/11/19 03:02:50 joerg Exp $
+$NetBSD: distinfo,v 1.14 2012/12/17 13:36:21 taca Exp $

 SHA1 (squid-2.7.STABLE9.tar.bz2) = bd389da9b74fd338e358f6b3f83bd3a1ed4d4f6f
 RMD160 (squid-2.7.STABLE9.tar.bz2) = bfa7c3dc3ede68646603f3379de35f44d7d8e97d
@ -16,3 +16,4 @@ SHA1 (patch-aj) = c5c7cd10a63a5066eee63988775f71758ed5463e
 SHA1 (patch-ak) = 64c858cc1167ad4a62ed20948ce1c1d844ecae22
 SHA1 (patch-al) = a9e957a90dc6956e59668c297dd8566642baecff
 SHA1 (patch-am) = c31f27816578a05a909c4e64a646919d35e04c42
+SHA1 (patch-tools_cachemgr.c) = 788e1ccb44b5dccf22d7d7d8ded52c7ca87f5492
--- a/www/squid27/patches/patch-tools_cachemgr.c
+++ b/www/squid27/patches/patch-tools_cachemgr.c
@ -0,0 +1,127 @@
+$NetBSD: patch-tools_cachemgr.c,v 1.1 2012/12/17 13:36:21 taca Exp $
+
+Trying to handle http://www.squid-cache.org/Advisories/SQUID-2012_1.txt.
+
+--- tools/cachemgr.c.orig	2008-06-24 22:55:11.000000000 +0000
+++ tools/cachemgr.c
+@@ -509,12 +509,15 @@ munge_action_line(const char *_buf, cach
+     if ((p = strchr(x, '\n')))
+ 	*p = '\0';
+     action = xstrtok(&x, '\t');
+    if (!action) {
+	xfree(buf);
+	return "";
+    }
+     description = xstrtok(&x, '\t');
+     if (!description)
+ 	description = action;
+-    if (!action)
+-	return "";
+     snprintf(html, sizeof(html), " <a href=\"%s\">%s</a>", menu_url(req, action), description);
+    xfree(buf);
+     return html;
+ }
+ 
+@@ -715,6 +718,7 @@ process_request(cachemgr_request * req)
+     if (connect(s, (struct sockaddr *) &S, sizeof(struct sockaddr_in)) < 0) {
+ 	snprintf(buf, 1024, "connect: %s\n", xstrerror());
+ 	error_html(buf);
+	close(s);
+ 	return 1;
+     }
+     l = snprintf(buf, sizeof(buf),
+@@ -765,18 +769,43 @@ read_post_request(void)
+ {
+     char *s;
+     char *buf;
+-    int len;
+    char *endptr;
+    uint64_t len;
+    size_t bufLen, readLen;
+
+     if ((s = getenv("REQUEST_METHOD")) == NULL)
+ 	return NULL;
+     if (0 != strcasecmp(s, "POST"))
+ 	return NULL;
+     if ((s = getenv("CONTENT_LENGTH")) == NULL)
+ 	return NULL;
+-    if ((len = atoi(s)) <= 0)
+    if (*s == '-') // negative length content huh?
+	return NULL;
+
+    endptr = s+ strlen(s);
+    if ((len = strtoll(s, &endptr, 10)) <= 0)
+ 	return NULL;
+-    buf = xmalloc(len + 1);
+-    fread(buf, len, 1, stdin);
+-    buf[len] = '\0';
+
+    // limit the input to something reasonable.
+    // 4KB should be enough for the GET/POST data length, but may be extended.
+    bufLen = (len >= 4096 ? len : 4095);
+    buf = (char *)xmalloc(bufLen + 1);
+
+    readLen = fread(buf, bufLen, 1, stdin);
+    if (readLen == 0) {
+        xfree(buf);
+        return NULL;
+    }
+    buf[readLen] = '\0';
+    len -= readLen;
+
+    // purge the remainder of the request entity
+    while (len > 0) {
+        char temp[65535];
+        readLen = fread(temp, 65535, 1, stdin);
+        len -= readLen;
+    }
+
+     return buf;
+ }
+ 
+@@ -886,26 +915,38 @@ decode_pub_auth(cachemgr_request * req)
+     buf = xstrdup(base64_decode(req->pub_auth));
+     debug(3) fprintf(stderr, "cmgr: length ok\n");
+     /* parse ( a lot of memory leaks, but that is cachemgr style :) */
+-    if ((host_name = strtok(buf, "|")) == NULL)
+    if ((host_name = strtok(buf, "|")) == NULL) {
+	xfree(buf);
+ 	return;
+    }
+     debug(3) fprintf(stderr, "cmgr: decoded host: '%s'\n", host_name);
+-    if ((time_str = strtok(NULL, "|")) == NULL)
+    if ((time_str = strtok(NULL, "|")) == NULL) {
+	xfree(buf);
+ 	return;
+    }
+     debug(3) fprintf(stderr, "cmgr: decoded time: '%s' (now: %d)\n", time_str, (int) now);
+-    if ((user_name = strtok(NULL, "|")) == NULL)
+    if ((user_name = strtok(NULL, "|")) == NULL) {
+        xfree(buf);
+ 	return;
+    }
+     debug(3) fprintf(stderr, "cmgr: decoded uname: '%s'\n", user_name);
+-    if ((passwd = strtok(NULL, "|")) == NULL)
+    if ((passwd = strtok(NULL, "|")) == NULL) {
+        xfree(buf);
+ 	return;
+    }
+     debug(2) fprintf(stderr, "cmgr: decoded passwd: '%s'\n", passwd);
+     /* verify freshness and validity */
+-    if (atoi(time_str) + passwd_ttl < now)
+    if (atoi(time_str) + passwd_ttl < now) {
+        xfree(buf);
+ 	return;
+-    if (strcasecmp(host_name, req->hostname))
+    }
+    if (strcasecmp(host_name, req->hostname)) {
+        xfree(buf);
+ 	return;
+    }
+     debug(1) fprintf(stderr, "cmgr: verified auth. info.\n");
+     /* ok, accept */
+-    xfree(req->user_name);
+    safe_free(req->user_name);
+     req->user_name = xstrdup(user_name);
+     req->passwd = xstrdup(passwd);
+     xfree(buf);