Bug#392866: marked as done (squid: buffer overflow in src/tools.c)

[Debian Bug Tracking System]

Your message dated Mon, 06 Nov 2006 03:32:20 -0800
with message-id <[EMAIL PROTECTED]>
and subject line Bug#392866: fixed in squid 2.6.5-1
has caused the attached Bug report to be marked as done.

This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.

(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere.  Please contact me immediately.)

Debian bug tracking system administrator
(administrator, Debian Bugs database)

--- Begin Message ---

Package: squid
Version: 2.6.4-1
Severity: normal

Hello,

recently I discovered the following bit of code in the source file
src/tools.c (function 'parseEtcHosts', around line 1169):

    void
    parseEtcHosts(void)
    {
        FILE *fp;
        char buf[1024];
        char buf2[512];
        ...
                if (Config.appendDomain && !strchr(lt, '.')) {
                    /* I know it's ugly, but it's only at reconfig */
                    strncpy(buf2, lt, 512);
                    strncat(buf2, Config.appendDomain, 512 - strlen(lt));

This code is unsafe for two reasons: (1) lt comes directly from the
/etc/hosts file.  It the length of this string is 512 characters or
longer, the 'strncpy' statement will not terminate the string 'buf2'.
(2) 'strncat' always adds a terminating '\0' after the appended
string.  If the string 'Config.appendDomain' is 512-strlen(lt)
characters or longer, the terminating '\0' will be written just
_after_ the last byte of 'buf2'.

This does not look very dangerous but, I think, it should be fixed
anyway.

I hope this helps,
Jochen

-- System Information:
Debian Release: testing/unstable
  APT prefers unstable
  APT policy: (500, 'unstable')
Architecture: i386 (i686)
Shell:  /bin/sh linked to /bin/bash
Kernel: Linux 2.6.17.13
Locale: LANG=en_GB.iso885915, LC_CTYPE=en_GB.iso885915 (charmap=ISO-8859-15)

--- End Message ---

--- Begin Message ---

Source: squid
Source-Version: 2.6.5-1

We believe that the bug you reported is fixed in the latest version of
squid, which is due to be installed in the Debian FTP archive:

squid-cgi_2.6.5-1_sparc.deb
  to pool/main/s/squid/squid-cgi_2.6.5-1_sparc.deb
squid-common_2.6.5-1_all.deb
  to pool/main/s/squid/squid-common_2.6.5-1_all.deb
squid_2.6.5-1.diff.gz
  to pool/main/s/squid/squid_2.6.5-1.diff.gz
squid_2.6.5-1.dsc
  to pool/main/s/squid/squid_2.6.5-1.dsc
squid_2.6.5-1_sparc.deb
  to pool/main/s/squid/squid_2.6.5-1_sparc.deb
squid_2.6.5.orig.tar.gz
  to pool/main/s/squid/squid_2.6.5.orig.tar.gz
squidclient_2.6.5-1_sparc.deb
  to pool/main/s/squid/squidclient_2.6.5-1_sparc.deb



A summary of the changes between this version and the previous one is
attached.

Thank you for reporting the bug, which will now be closed.  If you
have further comments please address them to [EMAIL PROTECTED],
and the maintainer will reopen the bug report if appropriate.

Debian distribution maintenance software
pp.
Luigi Gangitano <[EMAIL PROTECTED]> (supplier of updated squid package)

(This message was generated automatically at their request; if you
believe that there is a problem with it please contact the archive
administrators by mailing [EMAIL PROTECTED])


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Format: 1.7
Date: Mon,  6 Nov 2006 11:22:53 +0100
Source: squid
Binary: squid squid-cgi squidclient squid-common
Architecture: source sparc all
Version: 2.6.5-1
Distribution: unstable
Urgency: low
Maintainer: Luigi Gangitano <[EMAIL PROTECTED]>
Changed-By: Luigi Gangitano <[EMAIL PROTECTED]>
Description: 
 squid      - Internet Object Cache (WWW proxy cache)
 squid-cgi  - Squid cache manager CGI program
 squid-common - Internet Object Cache (WWW proxy cache) - common file
 squidclient - Command line URL extractor that talks to (a) squid
Closes: 392866
Changes: 
 squid (2.6.5-1) unstable; urgency=low
 .
   * New upstream release
     - Removed patched integreated upstream:
       + 50-coss-compile.patch
 .
   * debian/watch
     - Updated local version
 .
   * debian/patches/51-htcp-assert
     - Included upstream patch fixing error with big htcp packets
 .
   * debian/patches/52-hosts-overflow
     - Included upstream patch fixing buffer overflow (Closes: #392866)
 .
   * debian/patches/53-coss-assert
     - Included upstream patch fixing error while restarting a coss-enabled 
squid
 .
   * debian/patches/54-aufs-assert
     - Included upstream patch removing an assert causing squid to fail while
       using aufs
Files: 
 02f74465744fdb32ce450f67ebcc9ffd 657 web optional squid_2.6.5-1.dsc
 26cc918028340dc8ceb9c0c4b988d717 1636886 web optional squid_2.6.5.orig.tar.gz
 96fa371ce72ec7101c80ce5a266c5d58 265885 web optional squid_2.6.5-1.diff.gz
 d8d306daec7a8ebadde2f17ff202d0e1 436730 web optional 
squid-common_2.6.5-1_all.deb
 87e616821779f6345c53f623fd17cbec 663386 web optional squid_2.6.5-1_sparc.deb
 aa48c2920181636c5b8f22fb7b56a395 85646 web optional 
squidclient_2.6.5-1_sparc.deb
 f04eca3f1a1c63aa247b11f22e8ef6ca 112240 web optional 
squid-cgi_2.6.5-1_sparc.deb

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.5 (GNU/Linux)

iD8DBQFFTxrB8ZumGJJMDCYRAs1/AJ4xlkLQj1oeKzvlgT21Mqdm5itZCQCcDXZa
51XlKN/JHe5fVvBulwAXop4=
=zHPg
-----END PGP SIGNATURE-----

--- End Message ---