Hi, Please find the NMU diff attached.
Cheers, Steffen
diff -u squid3-3.1.6/debian/changelog squid3-3.1.6/debian/changelog --- squid3-3.1.6/debian/changelog +++ squid3-3.1.6/debian/changelog @@ -1,3 +1,11 @@ +squid3 (3.1.6-1.1) unstable; urgency=high + + * Non-maintainer upload by the security team + * Fix DoS due to wrong string handling (Closes: #596086) + Fixes: CVE-2010-3072 + + -- Steffen Joeris <wh...@debian.org> Mon, 13 Sep 2010 17:07:51 +1000 + squid3 (3.1.6-1) unstable; urgency=low * New upstream release diff -u squid3-3.1.6/debian/patches/00list squid3-3.1.6/debian/patches/00list --- squid3-3.1.6/debian/patches/00list +++ squid3-3.1.6/debian/patches/00list @@ -3,0 +4 @@ +16-CVE-2010-3072 only in patch2: unchanged: --- squid3-3.1.6.orig/debian/patches/16-CVE-2010-3072.dpatch +++ squid3-3.1.6/debian/patches/16-CVE-2010-3072.dpatch 
@@ -0,0 +1,123 @@ +#! /bin/sh /usr/share/dpatch/dpatch-run + +...@dpatch@ +--- ../old/squid3-3.1.6/src/SquidString.h 2010-08-02 00:01:39.000000000 +1000 ++++ squid3-3.1.6/src/SquidString.h 2010-09-13 17:00:17.000000000 +1000 +@@ -167,6 +167,8 @@ + void allocBuffer(size_type sz); + void setBuffer(char *buf, size_type sz); + ++ _SQUID_INLINE_ bool nilCmp(bool, bool, int &) const; ++ + /* never reference these directly! */ + size_type size_; /* buffer size; 64K limit */ + +--- ../old/squid3-3.1.6/src/String.cci 2010-08-02 00:01:37.000000000 +1000 ++++ squid3-3.1.6/src/String.cci 2010-09-13 17:05:43.000000000 +1000 +@@ -88,19 +88,31 @@ + } + + +-int +-String::cmp (char const *aString) const ++/// compare NULL and empty strings because str*cmp() may fail on NULL strings ++/// and because we need to return consistent results for strncmp(count == 0). ++bool ++String::nilCmp(const bool thisIsNilOrEmpty, const bool otherIsNilOrEmpty, int &result) const + { +- /* strcmp fails on NULLS */ ++ if (!thisIsNilOrEmpty && !otherIsNilOrEmpty) ++ return false; // result does not matter + +- if (size() == 0 && (aString == NULL || aString[0] == '\0')) +- return 0; ++ if (thisIsNilOrEmpty && otherIsNilOrEmpty) ++ result = 0; ++ else if (thisIsNilOrEmpty) ++ result = -1; ++ else // otherIsNilOrEmpty ++ result = +1; ++ ++ return true; ++} + +- if (size() == 0) +- return -1; + +- if (aString == NULL || aString[0] == '\0') +- return 1; ++int ++String::cmp (char const *aString) const ++{ ++ int result = 0; ++ if (nilCmp(!size(), (!aString || !*aString), result)) ++ return result; + + return strcmp(termedBuf(), aString); + } +@@ -108,19 +120,10 @@ + int + String::cmp (char const *aString, String::size_type count) const + { +- /* always the same at length 0 */ +- +- if (count == 0) +- return 0; ++ int result = 0; ++ if (nilCmp((!size() || !count), (!aString || !*aString || !count), result)) ++ return result; + +- if (size() == 0 && (aString == NULL || aString[0] == '\0')) +- return 0; +- +- if 
(size() == 0) +- return -1; +- +- if (aString == NULL || aString[0] == '\0') +- return 1; + + return strncmp(termedBuf(), aString, count); + } +@@ -128,16 +131,10 @@ + int + String::cmp (String const &aString) const + { +- /* strcmp fails on NULLS */ +- +- if (size() == 0 && aString.size() == 0) +- return 0; +- +- if (size() == 0) +- return -1; ++ int result = 0; ++ if (nilCmp(!size(), !aString.size(), result)) ++ return result; + +- if (aString.size() == 0) +- return 1; + + return strcmp(termedBuf(), aString.termedBuf()); + } +@@ -145,12 +142,22 @@ + int + String::caseCmp(char const *aString) const + { ++ int result = 0; ++ if (nilCmp(!size(), (!aString || !*aString), result)) ++ return result; ++ ++ + return strcasecmp(termedBuf(), aString); + } + + int + String::caseCmp(char const *aString, String::size_type count) const + { ++ int result = 0; ++ if (nilCmp((!size() || !count), (!aString || !*aString || !count), result)) ++ return result; ++ ++ + return strncasecmp(termedBuf(), aString, count); + } +
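Review bot: The new declaration in SquidString.h, `_SQUID_INLINE_ bool nilCmp(bool, bool, int &) const;`, leaves its two adjacent bool parameters unnamed, so swapping them at any of the five call sites in String.cci would still compile and would silently flip the sign of the comparison. Name them as the definition does: `_SQUID_INLINE_ bool nilCmp(bool thisIsNilOrEmpty, bool otherIsNilOrEmpty, int &result) const;`. The `///` comment above the definition explains why the helper exists but not its contract. It should say that a true return means at least one side is NULL or empty and `result` holds the value to return, while a false return means `result` was not written and the caller must go on to the str*cmp() call. The changelog describes the bug as a DoS, so a unit test that calls cmp() and caseCmp() with NULL, with "" and with count == 0 would help keep these guards from regressing; none is visible in this patch.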