[squid/f18] CVE-2013-0189: Incomplete fix for the CVE-2012-5643

mluscon mluscon at fedoraproject.org
Fri Jan 25 09:51:21 UTC 2013 

commit 2b9bcd2b17ee572308e1c3eaa1bfdaf4e72cce96
Author: Michal Luscon <mluscon at redhat.com>
Date:   Fri Jan 25 10:17:48 2013 +0100

    CVE-2013-0189: Incomplete fix for the CVE-2012-5643

 CVE-2013-0189.patch |   85 +++++++++++++++++++++++++++++++++++++++++++++++++++
 squid.spec          |    7 +++-
 2 files changed, 91 insertions(+), 1 deletions(-)
---
diff --git a/CVE-2013-0189.patch b/CVE-2013-0189.patch
new file mode 100644
index 0000000..0d0e788
--- /dev/null
+++ b/CVE-2013-0189.patch
@@ -0,0 +1,85 @@
+------------------------------------------------------------
+revno: 11743
+revision-id: squid3 at treenet.co.nz-20130101052914-r4lk62270w4sh498
+parent: squid3 at treenet.co.nz-20121230074717-y9oekp0bfabt6szv
+committer: Amos Jeffries <squid3 at treenet.co.nz>
+branch nick: 3.2
+timestamp: Mon 2012-12-31 22:29:14 -0700
+message:
+  Additional pieces of SQUID-2012:1
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3 at treenet.co.nz-20130101052914-r4lk62270w4sh498
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+#   /SQUID_3_2
+# testament_sha1: 3cf80543cf33a78ae27d5178a8e9958854350ca3
+# timestamp: 2013-01-01 05:35:26 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+#   /SQUID_3_2
+# base_revision_id: squid3 at treenet.co.nz-20121230074717-\
+#   y9oekp0bfabt6szv
+# 
+# Begin patch
+=== modified file 'tools/cachemgr.cc'
+--- ./tools/cachemgr.cc	2012-11-29 11:15:32 +0000
++++ ./tools/cachemgr.cc	2013-01-01 05:29:14 +0000
+@@ -980,10 +980,10 @@
+ 
+     // limit the input to something reasonable.
+     // 4KB should be enough for the GET/POST data length, but may be extended.
+-    size_t bufLen = (len >= 4096 ? len : 4095);
++    size_t bufLen = (len < 4096 ? len : 4095);
+     char *buf = (char *)xmalloc(bufLen + 1);
+ 
+-    size_t readLen = fread(buf, bufLen, 1, stdin);
++    size_t readLen = fread(buf, 1, bufLen, stdin);
+     if (readLen == 0) {
+         xfree(buf);
+         return NULL;
+@@ -994,7 +994,7 @@
+     // purge the remainder of the request entity
+     while (len > 0) {
+         char temp[65535];
+-        readLen = fread(temp, 65535, 1, stdin);
++        readLen = fread(temp, 1, 65535, stdin);
+         len -= readLen;
+     }
+ 
+
+------------------------------------------------------------
+revno: 11744
+revision-id: squid3 at treenet.co.nz-20130108224018-5g5t67qy79rnboih
+parent: squid3 at treenet.co.nz-20130101052914-r4lk62270w4sh498
+author: Eygene Ryabinkin <rea at freebsd.org>
+committer: Amos Jeffries <squid3 at treenet.co.nz>
+branch nick: 3.2
+timestamp: Tue 2013-01-08 15:40:18 -0700
+message:
+  Another piece of SQUID-2012:1
+------------------------------------------------------------
+# Bazaar merge directive format 2 (Bazaar 0.90)
+# revision_id: squid3 at treenet.co.nz-20130108224018-5g5t67qy79rnboih
+# target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+#   /SQUID_3_2
+# testament_sha1: 0e05b63f51b67c2f34ddd5955b266c06fca288db
+# timestamp: 2013-01-08 22:45:41 +0000
+# source_branch: http://bzr.squid-cache.org/bzr/squid3/branches\
+#   /SQUID_3_2
+# base_revision_id: squid3 at treenet.co.nz-20130101052914-\
+#   r4lk62270w4sh498
+# 
+# Begin patch
+=== modified file 'tools/cachemgr.cc'
+--- ./tools/cachemgr.cc	2013-01-01 05:29:14 +0000
++++ ./tools/cachemgr.cc	2013-01-08 22:40:18 +0000
+@@ -992,7 +992,7 @@
+     len -= readLen;
+ 
+     // purge the remainder of the request entity
+-    while (len > 0) {
++    while (len > 0 && readLen) {
+         char temp[65535];
+         readLen = fread(temp, 1, 65535, stdin);
+         len -= readLen;
+
+ 
diff --git a/squid.spec b/squid.spec
index a215ef0..d5fa74b 100644
--- a/squid.spec
+++ b/squid.spec
@@ -4,7 +4,7 @@
 
 Name:     squid
 Version:  3.2.5
-Release:  1%{?dist}
+Release:  2%{?dist}
 Summary:  The Squid proxy caching server
 Epoch:    7
 # See CREDITS for breakdown of non GPLv2+ code
@@ -37,6 +37,7 @@ Patch202: squid-3.1.0.9-location.patch
 Patch203: squid-3.0.STABLE1-perlpath.patch
 Patch204: squid-3.2.0.9-fpic.patch
 Patch205: squid-3.1.9-ltdl.patch
+Patch206: CVE-2013-0189.patch
 
 Buildroot: %{_tmppath}/%{name}-%{version}-%{release}-root-%(%{__id_u} -n)
 Requires: bash >= 2.0
@@ -104,6 +105,7 @@ The squid-sysvinit contains SysV initscritps support.
 %patch203 -p1 -b .perlpath
 %patch204 -p1 -b .fpic
 %patch205 -p1 -b .ltdl
+%patch206 -p1 -b .CVE-2013-0189
 
 %build
 %ifarch sparcv9 sparc64 s390 s390x
@@ -307,6 +309,9 @@ fi
         /sbin/chkconfig --add squid >/dev/null 2>&1 || :
 
 %changelog
+* Thu Jan 24 2013 Michal Luscon <mluscon at redhat.com> - 7:3.2.5-2
+- CVE-2013-0189: Incomplete fix for the CVE-2012-5643
+
 * Mon Dec 17 2012 Michal Luscon <mluscon at redhat.com> - 7:3.2.5-1
 - Update to latest upstream version 3.2.5

More information about the scm-commits mailing list