diff options
| author | Peter Korsgaard <peter@korsgaard.com> | 2018-01-22 20:54:17 +0100 |
|---|---|---|
| committer | Peter Korsgaard <peter@korsgaard.com> | 2018-01-23 08:30:15 +0100 |
| commit | 6f481c83b96c76d59a420e5f6559c02cb5d329d3 (patch) | |
| tree | 40da605a8c28da08b73d05050f10dcd897f7c406 /package/squid/0004-Fix-indirect-IP-logging-for-transactions-without-a-c.patch | |
| parent | 001b834aacef82a6205f5b319037d42d0fdb13cd (diff) | |
| download | buildroot-6f481c83b96c76d59a420e5f6559c02cb5d329d3.tar.gz buildroot-6f481c83b96c76d59a420e5f6559c02cb5d329d3.zip | |
squid: add upstream post-3.5.27 security patches
Fixes the following security issues:
SQUID-2018:1 Due to incorrect pointer handling Squid is vulnerable to denial
of service attack when processing ESI responses.
http://www.squid-cache.org/Advisories/SQUID-2018_1.txt
SQUID-2018:2 Due to incorrect pointer handling Squid is vulnerable to
denial of service attack when processing ESI responses or downloading
intermediate CA certificates.
http://www.squid-cache.org/Advisories/SQUID-2018_2.txt
Signed-off-by: Peter Korsgaard <peter@korsgaard.com>
Diffstat (limited to 'package/squid/0004-Fix-indirect-IP-logging-for-transactions-without-a-c.patch')
| -rw-r--r-- | package/squid/0004-Fix-indirect-IP-logging-for-transactions-without-a-c.patch | 31 |
1 files changed, 31 insertions, 0 deletions
diff --git a/package/squid/0004-Fix-indirect-IP-logging-for-transactions-without-a-c.patch b/package/squid/0004-Fix-indirect-IP-logging-for-transactions-without-a-c.patch new file mode 100644 index 0000000000..51fff30034 --- /dev/null +++ b/package/squid/0004-Fix-indirect-IP-logging-for-transactions-without-a-c.patch @@ -0,0 +1,31 @@ +From 8232b83d3fa47a1399f155cb829db829369fbae9 Mon Sep 17 00:00:00 2001 +From: squidadm <squidadm@users.noreply.github.com> +Date: Sun, 21 Jan 2018 08:07:08 +1300 +Subject: [PATCH] Fix indirect IP logging for transactions without a client + connection (#129) (#136) + +Signed-off-by: Peter Korsgaard <peter@korsgaard.com> +--- + src/client_side_request.cc | 6 +++--- + 1 file changed, 3 insertions(+), 3 deletions(-) + +diff --git a/src/client_side_request.cc b/src/client_side_request.cc +index be124f355..203f89d46 100644 +--- a/src/client_side_request.cc ++++ b/src/client_side_request.cc +@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *data) + * Ensure that the access log shows the indirect client + * instead of the direct client. + */ +- ConnStateData *conn = http->getConn(); +- conn->log_addr = request->indirect_client_addr; +- http->al->cache.caddr = conn->log_addr; ++ http->al->cache.caddr = request->indirect_client_addr; ++ if (ConnStateData *conn = http->getConn()) ++ conn->log_addr = request->indirect_client_addr; + } + request->x_forwarded_for_iterator.clean(); + request->flags.done_follow_x_forwarded_for = true; +-- +2.11.0 + |
