diff options
author | Thiruvadi Rajaraman <trajaraman@mvista.com> | 2017-05-31 13:53:15 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2017-11-16 15:32:05 -0800 |
commit | 6d03884d6260f25e5359645ca589ae2e403991ff (patch) | |
tree | 22b821d49723775d7e36ad657e676b55d2e37629 | |
parent | 03d6f8c4a08ca1f10a8c31161201960c7850025b (diff) | |
download | meta-openembedded-contrib-6d03884d6260f25e5359645ca589ae2e403991ff.tar.gz |
squid: CVE-2016-10003
Source: http://www.squid-cache.org/
MR: 70144
Type: Security Fix
Disposition: Backport from http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_10_a.patch
ChangeID: f713fe5b0b38ba5402a9c0947289ee9a0ea5bcbe
Description:
Do not share private responses with collapsed client(s).
This excessive sharing problem with collapsed forwarding code has
several layers. In most cases, the core CF code does not share
uncachable or private response with collapsed clients because of the
refreshCheckHTTP() check. However, some responses might not be subject
to that (or equivalent) check. More importantly, collapsed revalidation
code does not check its responses at all and, hence, easily shares
private responses.
This short-term fix incorrectly assumes that an entry may become private
(KEY_PRIVATE) only when it cannot be shared among multiple clients
(e.g., because of a Cache-Control:private response header). However,
there are a few other cases when an entry becomes private. One of them
is a DISK_NO_SPACE_LEFT error inside storeSwapOutFileClosed() where
StoreEntry::releaseRequest() sets KEY_PRIVATE for a sharable entry [that
may still be perfectly preserved in the memory cache]. Consequently, the
short-term fix reduces CF effectiveness. The extent of this reduction is
probably environment-dependent.
Author: Eduard Bagdasaryan <eduard.bagdasaryan@measurement-factory.com>
Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com>
Reviewed-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-networking/recipes-daemons/squid/files/CVE-2016-10003.patch | 33 | ||||
-rw-r--r-- | meta-networking/recipes-daemons/squid/squid_3.5.20.bb | 1 |
2 files changed, 34 insertions, 0 deletions
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2016-10003.patch b/meta-networking/recipes-daemons/squid/files/CVE-2016-10003.patch new file mode 100644 index 0000000000..cf94e751ff --- /dev/null +++ b/meta-networking/recipes-daemons/squid/files/CVE-2016-10003.patch @@ -0,0 +1,33 @@ +author: Eduard Bagdasaryan <eduard.bagdasaryan@measurement-factory.com> +committer: Amos Jeffries <squid3@treenet.co.nz> +branch nick: trunk +timestamp: Fri 2016-12-16 15:43:39 +1300 +message: + + Do not share private responses with collapsed client(s). + +Upstream-status: Backport +Signed-off-by: Thiruvadi Rajaraman <trajaraman@mvista.com> + +Index: squid-3.5.20/src/client_side_reply.cc +=================================================================== +--- squid-3.5.20.orig/src/client_side_reply.cc 2016-07-01 17:07:50.000000000 +0530 ++++ squid-3.5.20/src/client_side_reply.cc 2017-05-31 13:15:46.541291519 +0530 +@@ -473,6 +482,17 @@ + return; + } + ++ ++ // The previously identified hit suddenly became unsharable! ++ // This is common for collapsed forwarding slaves but might also ++ // happen to regular hits because we are called asynchronously. ++ if (EBIT_TEST(e->flags, KEY_PRIVATE)) { ++ debugs(88, 3, "unsharable " << *e << ". MISS"); ++ http->logType = LOG_TCP_MISS; ++ processMiss(); ++ return; ++ } ++ + if (result.length == 0) { + debugs(88, 5, "store IO buffer has no content. MISS"); + /* the store couldn't get enough data from the file for us to id the diff --git a/meta-networking/recipes-daemons/squid/squid_3.5.20.bb b/meta-networking/recipes-daemons/squid/squid_3.5.20.bb index fc7f7689be..4b806a91a9 100644 --- a/meta-networking/recipes-daemons/squid/squid_3.5.20.bb +++ b/meta-networking/recipes-daemons/squid/squid_3.5.20.bb @@ -21,6 +21,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${MIN_VER}/${BPN}-${P file://volatiles.03_squid \ file://set_sysroot_patch.patch \ file://squid-don-t-do-squid-conf-tests-at-build-time.patch \ + file://CVE-2016-10003.patch \ " LIC_FILES_CHKSUM = "file://COPYING;md5=c492e2d6d32ec5c1aad0e0609a141ce9 \ |