packages/squid
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix CVE-2020-25097

Browse Source
This commit is contained in:
eaglegai 2021-03-31 14:42:54 +08:00
parent f676e32d1a
commit df7193611e
2 changed files with 68 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

60
backport-CVE-2020-25097.patch Normal file
View File

@ -0,0 +1,60 @@
From dfd818595b54942cb1adc45f6aed95c9b706e3a8 Mon Sep 17 00:00:00 2001
From: Amos Jeffries <yadij@users.noreply.github.com>
Date: Fri, 4 Sep 2020 17:38:30 +1200
Subject: [PATCH] Merge pull request from GHSA-jvf6-h9gj-pmj6
* Add slash prefix to path-rootless or path-noscheme URLs
* Update src/anyp/Uri.cc
Co-authored-by: Alex Rousskov <rousskov@measurement-factory.com>
* restore file trailer GH auto-removes
* Remove redundant path-empty check
* Removed stale comment left behind by b2ab59a
Many things imply a leading `/` in a URI. Their enumeration is likely to
(and did) become stale, misleading the reader.
* fixup: Remind that the `src` iterator may be at its end
We are dereferencing `src` without comparing it to `\0`.
To many readers that (incorrectly) implies that we are not done iterating yet.
Also fixed branch-added comment indentation.
Co-authored-by: Alex Rousskov <rousskov@measurement-factory.com>
---
src/anyp/Uri.cc | 10 +++-------
1 file changed, 3 insertions(+), 7 deletions(-)
diff --git a/src/anyp/Uri.cc b/src/anyp/Uri.cc
index 72dddb64aa..88fd83ee2d 100644
--- a/src/anyp/Uri.cc
+++ b/src/anyp/Uri.cc
@@ -343,8 +343,9 @@ AnyP::Uri::parse(const HttpRequestMethod& method, const SBuf &rawUrl)
return false;
*dst = '\0';
- // bug 3074: received 'path' starting with '?', '#', or '\0' implies '/'
- if (*src == '?' || *src == '#' || *src == '\0') {
+ // We are looking at path-abempty.
+ if (*src != '/') {
+ // path-empty, including the end of the `src` c-string cases
urlpath[0] = '/';
dst = &urlpath[1];
} else {
@@ -358,11 +359,6 @@ AnyP::Uri::parse(const HttpRequestMethod& method, const SBuf &rawUrl)
/* We -could- be at the end of the buffer here */
if (i > l)
return false;
- /* If the URL path is empty we set it to be "/" */
- if (dst == urlpath) {
- *dst = '/';
- ++dst;
- }
*dst = '\0';
foundPort = scheme.defaultPort(); // may be reset later

9
squid.spec
View File

@ -2,7 +2,7 @@
Name: squid Name: squid
Version: 4.9 Version: 4.9
Release: 6 Release: 7
Summary: The Squid proxy caching server Summary: The Squid proxy caching server
Epoch: 7 Epoch: 7
License: GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain) License: GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
@ -33,6 +33,7 @@ Patch12:CVE-2020-15049.patch
Patch13:CVE-2020-15810.patch Patch13:CVE-2020-15810.patch
Patch14:CVE-2020-15811.patch Patch14:CVE-2020-15811.patch
Patch15:CVE-2020-24606.patch Patch15:CVE-2020-24606.patch
Patch16:backport-CVE-2020-25097.patch
Buildroot: %{_tmppath}/squid-4.9-1-root-%(%{__id_u} -n) Buildroot: %{_tmppath}/squid-4.9-1-root-%(%{__id_u} -n)
Requires: bash >= 2.0 Requires: bash >= 2.0
@ -211,6 +212,12 @@ fi
chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || : chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || :
%changelog %changelog
* Wed Mar 31 2021 gaihuiying <gaihuiying1@huawei.com> - 4.9-7
- Type:cves
- ID:NA
- SUG:NA
- DESC:fix CVE-2020-25097
* Wed Mar 17 2021 openEuler Buildteam <buildteam@openeuler.org> - 4.9-6 * Wed Mar 17 2021 openEuler Buildteam <buildteam@openeuler.org> - 4.9-6
- Type:cves - Type:cves
- ID:CVE-2020-14058, CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606 - ID:CVE-2020-14058, CVE-2020-15049, CVE-2020-15810, CVE-2020-15811, CVE-2020-24606