packages/squid
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!154 [sync] PR-153: fix CVE-2024-37894

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @renmingshuai 
Signed-off-by: @renmingshuai
This commit is contained in:
openeuler-ci-bot 2024-06-27 11:39:13 +00:00 committed by Gitee
commit 243160c6b4
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 40 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

32
backport-CVE-2024-37894.patch Normal file
View File

@ -0,0 +1,32 @@
From 920563e7a080155fae3ced73d6198781e8b0ff04 Mon Sep 17 00:00:00 2001
From: Francesco Chemolli <5175948+kinkie@users.noreply.github.com>
Date: Sun, 2 Jun 2024 14:41:16 +0000
Subject: [PATCH] Bug 5378: type mismatch in libTrie (#1830)
TrieNode::add() incorrectly computed an offset of an internal data
structure, resulting in out-of-bounds memory accesses that could cause
corruption or crashes.
This bug was discovered and detailed by Joshua Rogers at
https://megamansec.github.io/Squid-Security-Audit/esi-underflow.html
where it was filed as "Buffer Underflow in ESI".
Conflict: NA
Reference: https://github.com/squid-cache/squid/commit/920563e7a080155fae3ced73d6198781e8b0ff04
---
lib/libTrie/TrieNode.cc | 2 +-
1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/libTrie/TrieNode.cc b/lib/libTrie/TrieNode.cc
index 0f991a06d3e..d417e0f5448 100644
--- a/lib/libTrie/TrieNode.cc
+++ b/lib/libTrie/TrieNode.cc
@@ -32,7 +32,7 @@ TrieNode::add(char const *aString, size_t theLength, void *privatedata, TrieChar
/* We trust that privatedata and existant keys have already been checked */
if (theLength) {
- int index = transform ? (*transform)(*aString): *aString;
+ const unsigned char index = transform ? (*transform)(*aString): *aString;
if (!internal[index])
internal[index] = new TrieNode;

9
squid.spec
View File

@ -2,7 +2,7 @@
Name: squid
Version: 4.9
Release: 24
Release: 25
Summary: The Squid proxy caching server
Epoch: 7
License: GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
@ -56,6 +56,7 @@ Patch35:backport-CVE-2023-49286.patch
Patch36:backport-CVE-2023-50269.patch
Patch37:backport-CVE-2024-23638.patch
Patch38:backport-CVE-2024-25617.patch
Patch39:backport-CVE-2024-37894.patch
Buildroot: %{_tmppath}/squid-4.9-1-root-%(%{__id_u} -n)
Requires: bash >= 2.0
@ -250,6 +251,12 @@ fi
chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || :
%changelog
* Thu Jun 27 2024 xinghe <xinghe2@h-partners.com> - 7:4.9-25
- Type:cves
- ID:CVE-2024-37894
- SUG:NA
- DESC:fix CVE-2024-37894
* Mon Feb 19 2024 hehuazhen <hehuazhen@huawei.com> - 7:4.9-24
- Type:cves
- ID:CVE-2024-25617