fix CVE-2024-23638
(cherry picked from commit 1f611bd2e6d2756b6ff56dd35d811f4e0da7d87d)
This commit is contained in:
xinghe
openeuler-sync-bot
parent
598076ce24
commit
a68b6c6153
36
backport-CVE-2024-23638.patch
Normal file
36
backport-CVE-2024-23638.patch
Normal file
@ -0,0 +1,36 @@
|
||||
From 5bede3305cabb9ac19babecf3ebaf64f43f7b53e Mon Sep 17 00:00:00 2001
|
||||
From: Alex Rousskov <rousskov@measurement-factory.com>
|
||||
Date: Sun, 12 Nov 2023 09:33:20 +0000
|
||||
Subject: [PATCH] Do not update StoreEntry expiration after errorAppendEntry()
|
||||
(#1580)
|
||||
|
||||
errorAppendEntry() is responsible for setting entry expiration times,
|
||||
which it does by calling StoreEntry::storeErrorResponse() that calls
|
||||
StoreEntry::negativeCache().
|
||||
|
||||
This change was triggered by a vulnerability report by Joshua Rogers at
|
||||
https://megamansec.github.io/Squid-Security-Audit/cache-uaf.html where
|
||||
it was filed as "Use-After-Free in Cache Manager Errors". The reported
|
||||
"use after free" vulnerability was unknowingly addressed by 2022 commit
|
||||
1fa761a that removed excessively long "reentrant" store_client calls
|
||||
responsible for the disappearance of the properly locked StoreEntry in
|
||||
this (and probably other) contexts.
|
||||
|
||||
Conflict: context adapt
|
||||
Reference: https://github.com/squid-cache/squid/commit/5bede3305cabb9ac19babecf3ebaf64f43f7b53e
|
||||
---
|
||||
src/cache_manager.cc | 1 -
|
||||
1 file changed, 1 deletion(-)
|
||||
|
||||
diff --git a/src/cache_manager.cc b/src/cache_manager.cc
|
||||
index b5a9cbecd33..08445a517a9 100644
|
||||
--- a/src/cache_manager.cc
|
||||
+++ b/src/cache_manager.cc
|
||||
@@ -306,7 +306,6 @@ CacheManager::start(const Comm::ConnectionPointer &client, HttpRequest *request,
|
||||
const auto err = new ErrorState(ERR_INVALID_URL, Http::scNotFound, request);
|
||||
err->url = xstrdup(entry->url());
|
||||
errorAppendEntry(entry, err);
|
||||
- entry->expires = squid_curtime;
|
||||
return;
|
||||
}
|
||||
|
||||
@ -2,7 +2,7 @@
|
||||
|
||||
Name: squid
|
||||
Version: 4.9
|
||||
Release: 22
|
||||
Release: 23
|
||||
Summary: The Squid proxy caching server
|
||||
Epoch: 7
|
||||
License: GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
|
||||
@ -54,6 +54,7 @@ Patch33:backport-CVE-2023-46728.patch
|
||||
Patch34:backport-CVE-2023-49285.patch
|
||||
Patch35:backport-CVE-2023-49286.patch
|
||||
Patch36:backport-CVE-2023-50269.patch
|
||||
Patch37:backport-CVE-2024-23638.patch
|
||||
|
||||
Buildroot: %{_tmppath}/squid-4.9-1-root-%(%{__id_u} -n)
|
||||
Requires: bash >= 2.0
|
||||
@ -248,6 +249,12 @@ fi
|
||||
chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || :
|
||||
|
||||
%changelog
|
||||
* Thu Jan 25 2024 xinghe <xinghe2@h-partners.com> - 7:4.9-23
|
||||
- Type:cves
|
||||
- ID:CVE-2024-23638
|
||||
- SUG:NA
|
||||
- DESC:fix CVE-2024-23638
|
||||
|
||||
* Fri Dec 15 2023 xinghe <xinghe2@h-partners.com> - 7:4.9-22
|
||||
- Type:cves
|
||||
- ID:CVE-2023-50269
|
||||
|
||||
Loading…
x
Reference in New Issue
Block a user