Diffstat (limited to 'meta-networking/recipes-daemons/squid/files/CVE-2015-3455.patch')
-rw-r--r-- | meta-networking/recipes-daemons/squid/files/CVE-2015-3455.patch | 53 |
1 files changed, 53 insertions, 0 deletions
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2015-3455.patch b/meta-networking/recipes-daemons/squid/files/CVE-2015-3455.patch
new file mode 100644
index 0000000000..409f9a7f17
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2015-3455.patch
@@ -0,0 +1,53 @@
+Fix: CVE-2015-3455
+
+------------------------------------------------------------
+revno: 13222
+revision-id: squid3@treenet.co.nz-20150501071651-songz1j26frb2ytz
+parent: squid3@treenet.co.nz-20150501071104-vd21fu43lvmqoqwa
+author: Amos Jeffries <amosjeffries@squid-cache.org>, Christos Tsantilas <chtsanti@users.sourceforge.net>
+committer: Amos Jeffries <squid3@treenet.co.nz>
+branch nick: 3.4
+timestamp: Fri 2015-05-01 00:16:51 -0700
+message:
+ Fix X509 server certificate domain matching
+
+ The X509 certificate domain fields may contain non-ASCII encodings.
+ Ensure the domain match algorithm is only passed UTF-8 ASCII-compatible
+ strings.
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3@treenet.co.nz-20150501071651-songz1j26frb2ytz
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
+# testament_sha1: e38694c3e222c506740510557d2a7a122786225c
+# timestamp: 2015-05-01 07:17:25 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
+# base_revision_id: squid3@treenet.co.nz-20150501071104-\
+# vd21fu43lvmqoqwa
+#
+# Begin patch
+
+Upstream-Status: Backport
+
+http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13222.patch
+
+Signed-off-by: Armin Kuster <akuster@mvista.com>
+
+=== modified file 'src/ssl/support.cc'
+--- a/src/ssl/support.cc 2015-01-24 05:07:58 +0000
++++ b/src/ssl/support.cc 2015-05-01 07:16:51 +0000
+@@ -209,7 +209,13 @@
+ if (cn_data->length > (int)sizeof(cn) - 1) {
+ return 1; //if does not fit our buffer just ignore
+ }
+- memcpy(cn, cn_data->data, cn_data->length);
++ char *s = reinterpret_cast<char*>(cn_data->data);
++ char *d = cn;
++ for (int i = 0; i < cn_data->length; ++i, ++d, ++s) {
++ if (*s == '\0')
++ return 1; // always a domain mismatch. contains 0x00
++ *d = *s;
++ }
+ cn[cn_data->length] = '\0';
+ debugs(83, 4, "Verifying server domain " << server << " to certificate name/subjectAltName " << cn);
+ return matchDomainName(server, cn[0] == '*' ? cn + 1 : cn);
+
|
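Review bot: The only validation the new copy loop adds is the embedded-0x00 rejection, while the bzr message carried above it promises that the matcher is "only passed UTF-8 ASCII-compatible strings"; `cn_data->type` is never consulted and the raw ASN1 bytes are copied into `cn` whatever their encoding, so a name in another string type that happens to contain no NUL byte still reaches `matchDomainName` unchanged. Because this file is a verbatim upstream backport (Upstream-Status and changeset URL are present), I would not edit the code here but would make the patch header honest about what it fixes, e.g. after `Fix: CVE-2015-3455` add `Note: this backport rejects certificate names containing an embedded NUL byte; it does not convert or validate the ASN1 string encoding.` so nobody assumes the layer has broader encoding hardening than it does. Both `return 1` paths (buffer too small, NUL found) are described only by their comments as "ignore"/"mismatch"; the enclosing function, its signature and the declaration of `cn` begin before this inner hunk, so the meaning of that return value is inferred rather than visible.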