mirror of
https://github.com/openembedded/meta-openembedded.git
synced 2026-07-16 04:17:25 +00:00
5b2e937448
SQUID-2015:2 - Does not affect Squid-3.4 and older versions are not vulnerable. CVE-2015-5400 CVE-2015-3455 CVE-2014-7142 CVE-2014-7141 CVE-2014-6270 see http://www.squid-cache.org/Advisories/ Signed-off-by: Armin Kuster <akuster@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
54 lines
2.0 KiB
Diff
54 lines
2.0 KiB
Diff
Fix: CVE-2015-3455
|
|
|
|
------------------------------------------------------------
|
|
revno: 13222
|
|
revision-id: squid3@treenet.co.nz-20150501071651-songz1j26frb2ytz
|
|
parent: squid3@treenet.co.nz-20150501071104-vd21fu43lvmqoqwa
|
|
author: Amos Jeffries <amosjeffries@squid-cache.org>, Christos Tsantilas <chtsanti@users.sourceforge.net>
|
|
committer: Amos Jeffries <squid3@treenet.co.nz>
|
|
branch nick: 3.4
|
|
timestamp: Fri 2015-05-01 00:16:51 -0700
|
|
message:
|
|
Fix X509 server certificate domain matching
|
|
|
|
The X509 certificate domain fields may contain non-ASCII encodings.
|
|
Ensure the domain match algorithm is only passed UTF-8 ASCII-compatible
|
|
strings.
|
|
------------------------------------------------------------
|
|
# Bazaar merge directive format 2 (Bazaar 0.90)
|
|
# revision_id: squid3@treenet.co.nz-20150501071651-songz1j26frb2ytz
|
|
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
|
|
# testament_sha1: e38694c3e222c506740510557d2a7a122786225c
|
|
# timestamp: 2015-05-01 07:17:25 +0000
|
|
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4
|
|
# base_revision_id: squid3@treenet.co.nz-20150501071104-\
|
|
# vd21fu43lvmqoqwa
|
|
#
|
|
# Begin patch
|
|
|
|
Upstream-Status: Backport
|
|
|
|
http://www.squid-cache.org/Versions/v3/3.4/changesets/squid-3.4-13222.patch
|
|
|
|
Signed-off-by: Armin Kuster <akuster@mvista.com>
|
|
|
|
=== modified file 'src/ssl/support.cc'
|
|
--- a/src/ssl/support.cc 2015-01-24 05:07:58 +0000
|
|
+++ b/src/ssl/support.cc 2015-05-01 07:16:51 +0000
|
|
@@ -209,7 +209,13 @@
|
|
if (cn_data->length > (int)sizeof(cn) - 1) {
|
|
return 1; //if does not fit our buffer just ignore
|
|
}
|
|
- memcpy(cn, cn_data->data, cn_data->length);
|
|
+ char *s = reinterpret_cast<char*>(cn_data->data);
|
|
+ char *d = cn;
|
|
+ for (int i = 0; i < cn_data->length; ++i, ++d, ++s) {
|
|
+ if (*s == '\0')
|
|
+ return 1; // always a domain mismatch. contains 0x00
|
|
+ *d = *s;
|
|
+ }
|
|
cn[cn_data->length] = '\0';
|
|
debugs(83, 4, "Verifying server domain " << server << " to certificate name/subjectAltName " << cn);
|
|
return matchDomainName(server, cn[0] == '*' ? cn + 1 : cn);
|
|
|