Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP4:GA
squid
SQUID-2023_11.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File SQUID-2023_11.patch of Package squid
commit 7e8eec79880cc207ba61b662eb8b93081101b62c Author: Alex Rousskov <rousskov@measurement-factory.com> Date: Sun Nov 12 09:33:20 2023 +0000 Do not update StoreEntry expiration after errorAppendEntry() (#1580) errorAppendEntry() is responsible for setting entry expiration times, which it does by calling StoreEntry::storeErrorResponse() that calls StoreEntry::negativeCache(). This change was triggered by a vulnerability report by Joshua Rogers at https://megamansec.github.io/Squid-Security-Audit/cache-uaf.html where it was filed as "Use-After-Free in Cache Manager Errors". The reported "use after free" vulnerability was unknowingly addressed by 2022 commit 1fa761a that removed excessively long "reentrant" store_client calls responsible for the disappearance of the properly locked StoreEntry in this (and probably other) contexts. Index: squid-3.5.21/src/cache_manager.cc =================================================================== --- squid-3.5.21.orig/src/cache_manager.cc +++ squid-3.5.21/src/cache_manager.cc @@ -311,7 +311,6 @@ CacheManager::Start(const Comm::Connecti ErrorState *err = new ErrorState(ERR_INVALID_URL, Http::scNotFound, request); err->url = xstrdup(entry->url()); errorAppendEntry(entry, err); - entry->expires = squid_curtime; return; }
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor