fix CVE-2024-37894
(cherry picked from commit b87bde8d638cca0ad05b11dbcb8badc5ce91b831)
This commit is contained in:
xh
openeuler-sync-bot
parent
ed8e8c0e50
commit
e34952fdfa
32
backport-CVE-2024-37894.patch
Normal file
32
backport-CVE-2024-37894.patch
Normal file
@ -0,0 +1,32 @@
|
||||
From 920563e7a080155fae3ced73d6198781e8b0ff04 Mon Sep 17 00:00:00 2001
|
||||
From: Francesco Chemolli <5175948+kinkie@users.noreply.github.com>
|
||||
Date: Sun, 2 Jun 2024 14:41:16 +0000
|
||||
Subject: [PATCH] Bug 5378: type mismatch in libTrie (#1830)
|
||||
|
||||
TrieNode::add() incorrectly computed an offset of an internal data
|
||||
structure, resulting in out-of-bounds memory accesses that could cause
|
||||
corruption or crashes.
|
||||
|
||||
This bug was discovered and detailed by Joshua Rogers at
|
||||
https://megamansec.github.io/Squid-Security-Audit/esi-underflow.html
|
||||
where it was filed as "Buffer Underflow in ESI".
|
||||
|
||||
Conflict: NA
|
||||
Reference: https://github.com/squid-cache/squid/commit/920563e7a080155fae3ced73d6198781e8b0ff04
|
||||
---
|
||||
lib/libTrie/TrieNode.cc | 2 +-
|
||||
1 file changed, 1 insertion(+), 1 deletion(-)
|
||||
|
||||
diff --git a/lib/libTrie/TrieNode.cc b/lib/libTrie/TrieNode.cc
|
||||
index 0f991a06d3e..d417e0f5448 100644
|
||||
--- a/lib/libTrie/TrieNode.cc
|
||||
+++ b/lib/libTrie/TrieNode.cc
|
||||
@@ -32,7 +32,7 @@ TrieNode::add(char const *aString, size_t theLength, void *privatedata, TrieChar
|
||||
/* We trust that privatedata and existant keys have already been checked */
|
||||
|
||||
if (theLength) {
|
||||
- int index = transform ? (*transform)(*aString): *aString;
|
||||
+ const unsigned char index = transform ? (*transform)(*aString): *aString;
|
||||
|
||||
if (!internal[index])
|
||||
internal[index] = new TrieNode;
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
Name: squid
|
||||
Version: 4.9
|
||||
Release: 24
|
||||
Release: 25
|
||||
Summary: The Squid proxy caching server
|
||||
Epoch: 7
|
||||
License: GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
|
||||
@ -56,6 +56,7 @@ Patch35:backport-CVE-2023-49286.patch
|
||||
Patch36:backport-CVE-2023-50269.patch
|
||||
Patch37:backport-CVE-2024-23638.patch
|
||||
Patch38:backport-CVE-2024-25617.patch
|
||||
Patch39:backport-CVE-2024-37894.patch
|
||||
|
||||
Buildroot: %{_tmppath}/squid-4.9-1-root-%(%{__id_u} -n)
|
||||
Requires: bash >= 2.0
|
||||
@ -250,6 +251,12 @@ fi
|
||||
chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Thu Jun 27 2024 xinghe <xinghe2@h-partners.com> - 7:4.9-25
|
||||
- Type:cves
|
||||
- ID:CVE-2024-37894
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2024-37894
|
||||
|
||||
* Mon Feb 19 2024 hehuazhen <hehuazhen@huawei.com> - 7:4.9-24
|
||||
- Type:cves
|
||||
- ID:CVE-2024-25617
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user