diff options
author | Vijay Anusuri <vanusuri@mvista.com> | 2024-02-12 09:26:24 +0530 |
---|---|---|
committer | Armin Kuster <akuster808@gmail.com> | 2024-03-03 16:38:27 -0500 |
commit | e30e0c309465de4e52addf008ab4404580c0026e (patch) | |
tree | a47b19497958041520c2b5d6fa6503879e4f7393 | |
parent | de497fb40998a1b89f6b23083264bfa4c2a70504 (diff) | |
download | meta-openembedded-e30e0c309465de4e52addf008ab4404580c0026e.tar.gz |
squid: Backport fix for CVE-2023-50269
import patch from ubuntu to fix
CVE-2023-50269
Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa
Upstream commit
https://github.com/squid-cache/squid/commit/9f7136105bff920413042a8806cc5de3f6086d6d]
Signed-off-by: Vijay Anusuri <vanusuri@mvista.com>
Signed-off-by: Armin Kuster <akuster808@gmail.com>
-rw-r--r-- | meta-networking/recipes-daemons/squid/files/CVE-2023-50269.patch | 62 | ||||
-rw-r--r-- | meta-networking/recipes-daemons/squid/squid_4.9.bb | 1 |
2 files changed, 63 insertions, 0 deletions
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-50269.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-50269.patch new file mode 100644 index 000000000..51c895e0e --- /dev/null +++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-50269.patch | |||
@@ -0,0 +1,62 @@ | |||
1 | From: Markus Koschany <apo@debian.org> | ||
2 | Date: Tue, 26 Dec 2023 19:58:12 +0100 | ||
3 | Subject: CVE-2023-50269 | ||
4 | |||
5 | Bug-Debian: https://bugs.debian.org/1058721 | ||
6 | Origin: http://www.squid-cache.org/Versions/v5/SQUID-2023_10.patch | ||
7 | |||
8 | Upstream-Status: Backport [import from ubuntu https://git.launchpad.net/ubuntu/+source/squid/tree/debian/patches/CVE-2023-50269.patch?h=ubuntu/focal-security&id=9ccd217ca9428c9a6597e9310a99552026b245fa | ||
9 | Upstream commit https://github.com/squid-cache/squid/commit/9f7136105bff920413042a8806cc5de3f6086d6d] | ||
10 | CVE: CVE-2023-50269 | ||
11 | Signed-off-by: Vijay Anusuri <vanusuri@mvista.com> | ||
12 | --- | ||
13 | src/ClientRequestContext.h | 4 ++++ | ||
14 | src/client_side_request.cc | 17 +++++++++++++++-- | ||
15 | 2 files changed, 19 insertions(+), 2 deletions(-) | ||
16 | |||
17 | --- a/src/ClientRequestContext.h | ||
18 | +++ b/src/ClientRequestContext.h | ||
19 | @@ -81,6 +81,10 @@ | ||
20 | #endif | ||
21 | ErrorState *error; ///< saved error page for centralized/delayed processing | ||
22 | bool readNextRequest; ///< whether Squid should read after error handling | ||
23 | + | ||
24 | +#if FOLLOW_X_FORWARDED_FOR | ||
25 | + size_t currentXffHopNumber = 0; ///< number of X-Forwarded-For header values processed so far | ||
26 | +#endif | ||
27 | }; | ||
28 | |||
29 | #endif /* SQUID_CLIENTREQUESTCONTEXT_H */ | ||
30 | --- a/src/client_side_request.cc | ||
31 | +++ b/src/client_side_request.cc | ||
32 | @@ -78,6 +78,11 @@ | ||
33 | static const char *const crlf = "\r\n"; | ||
34 | |||
35 | #if FOLLOW_X_FORWARDED_FOR | ||
36 | + | ||
37 | +#if !defined(SQUID_X_FORWARDED_FOR_HOP_MAX) | ||
38 | +#define SQUID_X_FORWARDED_FOR_HOP_MAX 64 | ||
39 | +#endif | ||
40 | + | ||
41 | static void clientFollowXForwardedForCheck(allow_t answer, void *data); | ||
42 | #endif /* FOLLOW_X_FORWARDED_FOR */ | ||
43 | |||
44 | @@ -485,8 +490,16 @@ | ||
45 | /* override the default src_addr tested if we have to go deeper than one level into XFF */ | ||
46 | Filled(calloutContext->acl_checklist)->src_addr = request->indirect_client_addr; | ||
47 | } | ||
48 | - calloutContext->acl_checklist->nonBlockingCheck(clientFollowXForwardedForCheck, data); | ||
49 | - return; | ||
50 | + if (++calloutContext->currentXffHopNumber < SQUID_X_FORWARDED_FOR_HOP_MAX) { | ||
51 | + calloutContext->acl_checklist->nonBlockingCheck(clientFollowXForwardedForCheck, data); | ||
52 | + return; | ||
53 | + } | ||
54 | + const auto headerName = Http::HeaderLookupTable.lookup(Http::HdrType::X_FORWARDED_FOR).name; | ||
55 | + debugs(28, DBG_CRITICAL, "ERROR: Ignoring trailing " << headerName << " addresses"); | ||
56 | + debugs(28, DBG_CRITICAL, "addresses allowed by follow_x_forwarded_for: " << calloutContext->currentXffHopNumber); | ||
57 | + debugs(28, DBG_CRITICAL, "last/accepted address: " << request->indirect_client_addr); | ||
58 | + debugs(28, DBG_CRITICAL, "ignored trailing addresses: " << request->x_forwarded_for_iterator); | ||
59 | + // fall through to resume clientAccessCheck() processing | ||
60 | } | ||
61 | } | ||
62 | |||
diff --git a/meta-networking/recipes-daemons/squid/squid_4.9.bb b/meta-networking/recipes-daemons/squid/squid_4.9.bb index 482ce76d1..09c0a2cd7 100644 --- a/meta-networking/recipes-daemons/squid/squid_4.9.bb +++ b/meta-networking/recipes-daemons/squid/squid_4.9.bb | |||
@@ -30,6 +30,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2 | |||
30 | file://CVE-2023-46846.patch \ | 30 | file://CVE-2023-46846.patch \ |
31 | file://CVE-2023-49285.patch \ | 31 | file://CVE-2023-49285.patch \ |
32 | file://CVE-2023-49286.patch \ | 32 | file://CVE-2023-49286.patch \ |
33 | file://CVE-2023-50269.patch \ | ||
33 | " | 34 | " |
34 | 35 | ||
35 | SRC_URI_remove_toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch" | 36 | SRC_URI_remove_toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch" |