Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-15-SP2:Update
squid
SQUID-2023_4.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File SQUID-2023_4.patch of Package squid
From 12b8efc07ff74548d5582c4890f8bdb9057a1bb3 Mon Sep 17 00:00:00 2001 From: Andreas Weigel <andreas.weigel@securepoint.de> Date: Wed, 18 Oct 2023 04:14:31 +0000 Subject: [PATCH] Fix validation of certificates with CN=* (#1523) The bug was discovered and detailed by Joshua Rogers at https://megamansec.github.io/Squid-Security-Audit/ where it was filed as "Buffer UnderRead in SSL CN Parsing". --- src/anyp/Uri.cc | 6 ++++++ 1 file changed, 6 insertions(+) diff --git a/src/anyp/Uri.cc b/src/anyp/Uri.cc index eca2c2357..b0f2ce030 100644 --- a/src/anyp/Uri.cc +++ b/src/anyp/Uri.cc @@ -174,6 +174,10 @@ urlInitialize(void) assert(0 == matchDomainName("*.foo.com", ".foo.com", mdnHonorWildcards)); assert(0 != matchDomainName("*.foo.com", "foo.com", mdnHonorWildcards)); + assert(0 != matchDomainName("foo.com", "")); + assert(0 != matchDomainName("foo.com", "", mdnHonorWildcards)); + assert(0 != matchDomainName("foo.com", "", mdnRejectSubsubDomains)); + /* more cases? */ } @@ -748,6 +752,8 @@ matchDomainName(const char *h, const char *d, MatchDomainNameFlags flags) return -1; dl = strlen(d); + if (dl == 0) + return 1; /* * Start at the ends of the two strings and work towards the -- 2.25.1
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor