Hi Attached you'll find the NMU patch that has just been uploaded.
Cheers Steffen
diff -u squid-2.7.STABLE3/debian/changelog squid-2.7.STABLE3/debian/changelog --- squid-2.7.STABLE3/debian/changelog +++ squid-2.7.STABLE3/debian/changelog @@ -1,3 +1,11 @@ +squid (2.7.STABLE3-4.1) unstable; urgency=high + + * Non-maintainer upload by the security team + * Include upstream patch to fix DoS via error in request processing + code (Closes: #514142) + + -- Steffen Joeris <wh...@debian.org> Thu, 05 Feb 2009 18:28:57 +0000 + squid (2.7.STABLE3-4) unstable; urgency=low * debian/rules diff -u squid-2.7.STABLE3/debian/patches/00list squid-2.7.STABLE3/debian/patches/00list --- squid-2.7.STABLE3/debian/patches/00list +++ squid-2.7.STABLE3/debian/patches/00list @@ -9,0 +10 @@ +70-DoS-request-processing.patch only in patch2: unchanged: --- squid-2.7.STABLE3.orig/debian/patches/70-DoS-request-processing.patch +++ squid-2.7.STABLE3/debian/patches/70-DoS-request-processing.patch @@ -0,0 +1,68 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run +## + +...@dpatch@ +--- ../old/squid-2.7.STABLE3/src/HttpMsg.c 2007-12-13 01:20:48.000000000 +0000 ++++ squid-2.7.STABLE3/src/HttpMsg.c 2009-02-04 17:48:30.000000000 +0000 +@@ -256,11 +256,11 @@ + + /* next should be 1 or more digits */ + maj = 0; +- for (; i < hmsg->req_end && (xisdigit(hmsg->buf[i])); i++) { ++ for (; i < hmsg->req_end && (xisdigit(hmsg->buf[i])) && maj < 65536; i++) { + maj = maj * 10; + maj = maj + (hmsg->buf[i]) - '0'; + } +- if (i >= hmsg->req_end) { ++ if (i >= hmsg->req_end || maj >= 65536) { + retcode = -1; + goto finish; + } +@@ -276,11 +276,16 @@ + /* next should be one or more digits */ + i++; + min = 0; +- for (; i < hmsg->req_end && (xisdigit(hmsg->buf[i])); i++) { ++ for (; i < hmsg->req_end && (xisdigit(hmsg->buf[i])) && min < 65536; i++) { + min = min * 10; + min = min + (hmsg->buf[i]) - '0'; + } + ++ if (min >= 65536) { ++ retcode = -1; ++ goto finish; ++ } ++ + /* Find whitespace, end of version */ + hmsg->v_end = i; + hmsg->v_len = hmsg->v_end - hmsg->v_start + 1; +--- ../old/squid-2.7.STABLE3/src/HttpStatusLine.c 2007-12-13 01:20:48.000000000 +0000 ++++ squid-2.7.STABLE3/src/HttpStatusLine.c 2009-02-04 17:47:49.000000000 +0000 +@@ -97,11 +97,11 @@ + /* Format: HTTP/x.x <space> <status code> <space> <reason-phrase> CRLF */ + s = start; + maj = 0; +- for (s = start; s < end && xisdigit(*s); s++) { ++ for (s = start; s < end && xisdigit(*s) && maj < 65536; s++) { + maj = maj * 10; + maj = maj + *s - '0'; + } +- if (s >= end) { ++ if (s >= end || maj >= 65536) { + debug(57, 7) ("httpStatusLineParse: Invalid HTTP reply status major.\n"); + return 0; + } +@@ -113,11 +113,11 @@ + s++; + /* next should be minor number */ + min = 0; +- for (; s < end && xisdigit(*s); s++) { ++ for (; s < end && xisdigit(*s) && min < 65536; s++) { + min = min * 10; + min = min + *s - '0'; + } +- if (s >= end) { ++ if (s >= end || min >= 65536) { + debug(57, 7) ("httpStatusLineParse: Invalid HTTP reply status version minor.\n"); + return 0; + }
signature.asc
Description: This is a digitally signed message part.