packages/varnish
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Fix CVE-2025-30346

Browse Source 
(cherry picked from commit 650e38da768a1deeb481918099f62e218695944c)
This commit is contained in:
starlet-dx 2025-03-24 14:48:27 +08:00 committed by openeuler-sync-bot
parent 9efb83aed8
commit 94236cd97b
2 changed files with 55 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

50
CVE-2025-30346.patch Normal file
View File

@ -0,0 +1,50 @@
From 8ef69a03b36aeac5f364c01eb20f821860e47f14 Mon Sep 17 00:00:00 2001
From: Dag Haavi Finstad <daghf@varnish-software.com>
Date: Fri, 10 Jan 2025 13:07:54 +0100
Subject: [PATCH] req_fsm: Close the connection on a malformed request
---
bin/varnishd/cache/cache_req_fsm.c | 2 ++
bin/varnishtest/tests/b00037.vtc | 2 ++
2 files changed, 4 insertions(+)
diff --git a/bin/varnishd/cache/cache_req_fsm.c b/bin/varnishd/cache/cache_req_fsm.c
index 1004cbc5f47..803810210ef 100644
--- a/bin/varnishd/cache/cache_req_fsm.c
+++ b/bin/varnishd/cache/cache_req_fsm.c
@@ -962,6 +962,7 @@ cnt_recv(struct worker *wrk, struct req *req)
if (http_CountHdr(req->http0, H_Host) > 1) {
VSLb(req->vsl, SLT_BogoHeader, "Multiple Host: headers");
wrk->stats->client_req_400++;
+ req->doclose = SC_RX_BAD;
(void)req->transport->minimal_response(req, 400);
return (REQ_FSM_DONE);
}
@@ -969,6 +970,7 @@ cnt_recv(struct worker *wrk, struct req *req)
if (http_CountHdr(req->http0, H_Content_Length) > 1) {
VSLb(req->vsl, SLT_BogoHeader, "Multiple Content-Length: headers");
wrk->stats->client_req_400++;
+ req->doclose = SC_RX_BAD;
(void)req->transport->minimal_response(req, 400);
return (REQ_FSM_DONE);
}
diff --git a/bin/varnishtest/tests/b00037.vtc b/bin/varnishtest/tests/b00037.vtc
index ce0e841123e..e6185bd0764 100644
--- a/bin/varnishtest/tests/b00037.vtc
+++ b/bin/varnishtest/tests/b00037.vtc
@@ -11,6 +11,7 @@ client c1 {
varnish v1 -vsl_catchup
varnish v1 -expect client_req_400 == 1
+varnish v1 -expect sc_rx_bad == 1
client c1 {
txreq -method POST -hdr "Content-Length: 12" -hdr "Content-Length: 12" -bodylen 12
@@ -20,6 +21,7 @@ client c1 {
varnish v1 -vsl_catchup
varnish v1 -expect client_req_400 == 2
+varnish v1 -expect sc_rx_bad == 2
varnish v1 -cliok "param.set feature +http2"

6
varnish.spec
View File

@ -3,7 +3,7 @@
Name: varnish
Summary: A web application accelerator
Version: 7.4.3
Release: 1
Release: 2
License: BSD-2-Clause
URL: https://www.varnish-cache.org/
Source0: http://varnish-cache.org/_downloads/varnish-%{version}.tgz
@ -12,6 +12,7 @@ Source0: http://varnish-cache.org/_downloads/varnish-%{version}.tgz
Source1: https://github.com/varnishcache/pkg-varnish-cache/archive/0ad2f22629c4a368959c423a19e352c9c6c79682/pkg-varnish-cache-0ad2f22.tar.gz
Patch0001: fix-varnish-devel-installation-failure.patch
Patch0002: fix-varnish.service-reload-failed.patch
Patch0003: CVE-2025-30346.patch
BuildRequires: python3-sphinx python3-docutils pkgconfig make graphviz nghttp2 systemd-units
BuildRequires: ncurses-devel pcre2-devel libedit-devel gcc
@ -160,6 +161,9 @@ test -f /etc/varnish/secret || (uuidgen > /etc/varnish/secret && chmod 0600 /etc
%{_mandir}/man7/*.7*
%changelog
* Mon Mar 24 2025 yaoxin <1024769339@qq.com> - 7.4.3-2
- Fix CVE-2025-30346
* Mon Mar 25 2024 zhangxingrong <zhangxingrong@uniontech.com> - 7.4.3-1
- Update to 7.4.3 for fix CVE-2024-30156