Hi Attached you'll find the NMU patch that has just been uploaded.
Cheers Steffen
diff -u squid-2.7.STABLE3/debian/changelog squid-2.7.STABLE3/debian/changelog
--- squid-2.7.STABLE3/debian/changelog
+++ squid-2.7.STABLE3/debian/changelog
@@ -1,3 +1,11 @@
+squid (2.7.STABLE3-4.1) unstable; urgency=high
+
+ * Non-maintainer upload by the security team
+ * Include upstream patch to fix DoS via error in request processing
+ code (Closes: #514142)
+
+ -- Steffen Joeris <wh...@debian.org> Thu, 05 Feb 2009 18:28:57 +0000
+
squid (2.7.STABLE3-4) unstable; urgency=low
* debian/rules
diff -u squid-2.7.STABLE3/debian/patches/00list squid-2.7.STABLE3/debian/patches/00list
--- squid-2.7.STABLE3/debian/patches/00list
+++ squid-2.7.STABLE3/debian/patches/00list
@@ -9,0 +10 @@
+70-DoS-request-processing.patch
only in patch2:
unchanged:
--- squid-2.7.STABLE3.orig/debian/patches/70-DoS-request-processing.patch
+++ squid-2.7.STABLE3/debian/patches/70-DoS-request-processing.patch
@@ -0,0 +1,68 @@
+#! /bin/sh /usr/share/dpatch/dpatch-run
+##
+
+...@dpatch@
+--- ../old/squid-2.7.STABLE3/src/HttpMsg.c 2007-12-13 01:20:48.000000000 +0000
++++ squid-2.7.STABLE3/src/HttpMsg.c 2009-02-04 17:48:30.000000000 +0000
+@@ -256,11 +256,11 @@
+
+ /* next should be 1 or more digits */
+ maj = 0;
+- for (; i < hmsg->req_end && (xisdigit(hmsg->buf[i])); i++) {
++ for (; i < hmsg->req_end && (xisdigit(hmsg->buf[i])) && maj < 65536; i++) {
+ maj = maj * 10;
+ maj = maj + (hmsg->buf[i]) - '0';
+ }
+- if (i >= hmsg->req_end) {
++ if (i >= hmsg->req_end || maj >= 65536) {
+ retcode = -1;
+ goto finish;
+ }
+@@ -276,11 +276,16 @@
+ /* next should be one or more digits */
+ i++;
+ min = 0;
+- for (; i < hmsg->req_end && (xisdigit(hmsg->buf[i])); i++) {
++ for (; i < hmsg->req_end && (xisdigit(hmsg->buf[i])) && min < 65536; i++) {
+ min = min * 10;
+ min = min + (hmsg->buf[i]) - '0';
+ }
+
++ if (min >= 65536) {
++ retcode = -1;
++ goto finish;
++ }
++
+ /* Find whitespace, end of version */
+ hmsg->v_end = i;
+ hmsg->v_len = hmsg->v_end - hmsg->v_start + 1;
+--- ../old/squid-2.7.STABLE3/src/HttpStatusLine.c 2007-12-13 01:20:48.000000000 +0000
++++ squid-2.7.STABLE3/src/HttpStatusLine.c 2009-02-04 17:47:49.000000000 +0000
+@@ -97,11 +97,11 @@
+ /* Format: HTTP/x.x <space> <status code> <space> <reason-phrase> CRLF */
+ s = start;
+ maj = 0;
+- for (s = start; s < end && xisdigit(*s); s++) {
++ for (s = start; s < end && xisdigit(*s) && maj < 65536; s++) {
+ maj = maj * 10;
+ maj = maj + *s - '0';
+ }
+- if (s >= end) {
++ if (s >= end || maj >= 65536) {
+ debug(57, 7) ("httpStatusLineParse: Invalid HTTP reply status major.\n");
+ return 0;
+ }
+@@ -113,11 +113,11 @@
+ s++;
+ /* next should be minor number */
+ min = 0;
+- for (; s < end && xisdigit(*s); s++) {
++ for (; s < end && xisdigit(*s) && min < 65536; s++) {
+ min = min * 10;
+ min = min + *s - '0';
+ }
+- if (s >= end) {
++ if (s >= end || min >= 65536) {
+ debug(57, 7) ("httpStatusLineParse: Invalid HTTP reply status version minor.\n");
+ return 0;
+ }
signature.asc
Description: This is a digitally signed message part.
