packages/squid
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

!132 [sync] PR-128: fix CVE-2024-23638

Browse Source 
From: @openeuler-sync-bot 
Reviewed-by: @robertxw 
Signed-off-by: @robertxw
This commit is contained in:
openeuler-ci-bot 2024-01-26 03:24:00 +00:00 committed by Gitee
commit b6694963ac
No known key found for this signature in database
GPG Key ID: 173E9B9CA92EEF8F
2 changed files with 44 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

36
backport-CVE-2024-23638.patch Normal file
View File

@ -0,0 +1,36 @@
From 5bede3305cabb9ac19babecf3ebaf64f43f7b53e Mon Sep 17 00:00:00 2001
From: Alex Rousskov <rousskov@measurement-factory.com>
Date: Sun, 12 Nov 2023 09:33:20 +0000
Subject: [PATCH] Do not update StoreEntry expiration after errorAppendEntry()
(#1580)
errorAppendEntry() is responsible for setting entry expiration times,
which it does by calling StoreEntry::storeErrorResponse() that calls
StoreEntry::negativeCache().
This change was triggered by a vulnerability report by Joshua Rogers at
https://megamansec.github.io/Squid-Security-Audit/cache-uaf.html where
it was filed as "Use-After-Free in Cache Manager Errors". The reported
"use after free" vulnerability was unknowingly addressed by 2022 commit
1fa761a that removed excessively long "reentrant" store_client calls
responsible for the disappearance of the properly locked StoreEntry in
this (and probably other) contexts.
Conflict: context adapt
Reference: https://github.com/squid-cache/squid/commit/5bede3305cabb9ac19babecf3ebaf64f43f7b53e
---
src/cache_manager.cc | 1 -
1 file changed, 1 deletion(-)
diff --git a/src/cache_manager.cc b/src/cache_manager.cc
index b5a9cbecd33..08445a517a9 100644
--- a/src/cache_manager.cc
+++ b/src/cache_manager.cc
@@ -306,7 +306,6 @@ CacheManager::start(const Comm::ConnectionPointer &client, HttpRequest *request,
const auto err = new ErrorState(ERR_INVALID_URL, Http::scNotFound, request);
err->url = xstrdup(entry->url());
errorAppendEntry(entry, err);
- entry->expires = squid_curtime;
return;
}

9
squid.spec
View File

@ -2,7 +2,7 @@
Name: squid Name: squid
Version: 4.9 Version: 4.9
Release: 22 Release: 23
Summary: The Squid proxy caching server Summary: The Squid proxy caching server
Epoch: 7 Epoch: 7
License: GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain) License: GPLv2+ and (LGPLv2+ and MIT and BSD and Public Domain)
@ -54,6 +54,7 @@ Patch33:backport-CVE-2023-46728.patch
Patch34:backport-CVE-2023-49285.patch Patch34:backport-CVE-2023-49285.patch
Patch35:backport-CVE-2023-49286.patch Patch35:backport-CVE-2023-49286.patch
Patch36:backport-CVE-2023-50269.patch Patch36:backport-CVE-2023-50269.patch
Patch37:backport-CVE-2024-23638.patch
Buildroot: %{_tmppath}/squid-4.9-1-root-%(%{__id_u} -n) Buildroot: %{_tmppath}/squid-4.9-1-root-%(%{__id_u} -n)
Requires: bash >= 2.0 Requires: bash >= 2.0
@ -248,6 +249,12 @@ fi
chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || : chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || :
%changelog %changelog
* Thu Jan 25 2024 xinghe <xinghe2@h-partners.com> - 7:4.9-23
- Type:cves
- ID:CVE-2024-23638
- SUG:NA
- DESC:fix CVE-2024-23638
* Fri Dec 15 2023 xinghe <xinghe2@h-partners.com> - 7:4.9-22 * Fri Dec 15 2023 xinghe <xinghe2@h-partners.com> - 7:4.9-22
- Type:cves - Type:cves
- ID:CVE-2023-50269 - ID:CVE-2023-50269