rpms/squid/F-7 squid-2.6.STABLE16-pack_header.patch, NONE, 1.1 squid.spec, 1.87, 1.88

Martin Nagy (mnagy) fedora-extras-commits at redhat.com
Thu Dec 6 11:56:21 UTC 2007 

Author: mnagy

Update of /cvs/extras/rpms/squid/F-7
In directory cvs-int.fedora.redhat.com:/tmp/cvs-serv14955

Modified Files:
	squid.spec 
Added Files:
	squid-2.6.STABLE16-pack_header.patch 
Log Message:
* Thu Dec 06 2007 Martin Nagy <mnagy at redhat.com> - 7:2.6.STABLE16-1
- Upstream patch to fix CVE-2007-6239 (#410181)


squid-2.6.STABLE16-pack_header.patch:

--- NEW FILE squid-2.6.STABLE16-pack_header.patch ---
---------------------
PatchSet 11780 
Date: 2007/11/26 11:06:12
Author: adrian
Branch: SQUID_2_6
Tag: (none) 
Log:
Author: adrian
Patchsets 11745, 11746, 11751 (HEAD): pack header entries after the array has been modified; implement arrayShrink().

Long summary

Members: 
	include/Array.h:1.7->1.7.2.1 
	lib/Array.c:1.8->1.8.2.1 
	src/HttpHeader.c:1.91.2.2->1.91.2.3 

Index: squid/include/Array.h
===================================================================
RCS file: /cvsroot/squid/squid/include/Array.h,v
retrieving revision 1.7
retrieving revision 1.7.2.1
diff -u -r1.7 -r1.7.2.1
--- squid/include/Array.h	23 Oct 2005 15:20:49 -0000	1.7
+++ squid/include/Array.h	26 Nov 2007 11:06:12 -0000	1.7.2.1
@@ -1,5 +1,5 @@
 /*
- * $Id: Array.h,v 1.7 2005/10/23 15:20:49 hno Exp $
+ * $Id: Array.h,v 1.7.2.1 2007/11/26 11:06:12 adrian Exp $
  *
  * AUTHOR: Alex Rousskov
  *
@@ -50,6 +50,8 @@
 extern void arrayAppend(Array * s, void *obj);
 extern void arrayInsert(Array * s, void *obj, int position);
 extern void arrayPreAppend(Array * s, int app_count);
+extern void arrayShrink(Array *a, int new_count);
+
 
 
 #endif /* SQUID_ARRAY_H */
Index: squid/lib/Array.c
===================================================================
RCS file: /cvsroot/squid/squid/lib/Array.c,v
retrieving revision 1.8
retrieving revision 1.8.2.1
diff -u -r1.8 -r1.8.2.1
--- squid/lib/Array.c	23 Oct 2005 15:20:49 -0000	1.8
+++ squid/lib/Array.c	26 Nov 2007 11:06:12 -0000	1.8.2.1
@@ -1,5 +1,5 @@
 /*
- * $Id: Array.c,v 1.8 2005/10/23 15:20:49 hno Exp $
+ * $Id: Array.c,v 1.8.2.1 2007/11/26 11:06:12 adrian Exp $
  *
  * AUTHOR: Alex Rousskov
  *
@@ -138,3 +138,11 @@
     /* reset, just in case */
     memset(a->items + a->count, 0, (a->capacity - a->count) * sizeof(void *));
 }
+
+void
+arrayShrink(Array *a, int new_count)
+{
+	assert(new_count < a->capacity);
+	assert(new_count >= 0);
+	a->count = new_count;
+}
Index: squid/src/HttpHeader.c
===================================================================
RCS file: /cvsroot/squid/squid/src/HttpHeader.c,v
retrieving revision 1.91.2.2
retrieving revision 1.91.2.3
diff -u -r1.91.2.2 -r1.91.2.3
--- squid/src/HttpHeader.c	26 Feb 2007 22:41:46 -0000	1.91.2.2
+++ squid/src/HttpHeader.c	26 Nov 2007 11:06:13 -0000	1.91.2.3
@@ -1,6 +1,6 @@
 
 /*
- * $Id: HttpHeader.c,v 1.91.2.2 2007/02/26 22:41:46 hno Exp $
+ * $Id: HttpHeader.c,v 1.91.2.3 2007/11/26 11:06:13 adrian Exp $
  *
  * DEBUG: section 55    HTTP Header
  * AUTHOR: Alex Rousskov
@@ -380,12 +380,34 @@
     }
 }
 
+static void
+httpHeaderRepack(HttpHeader * hdr)
+{
+    HttpHeaderPos dp = HttpHeaderInitPos;
+    HttpHeaderPos pos = HttpHeaderInitPos;
+
+    /* XXX breaks layering for now! ie, getting grubby fingers in without httpHeaderEntryGet() */
+    dp = 0;
+    pos = 0;
+    while (dp < hdr->entries.count) {
+	for (; dp < hdr->entries.count && hdr->entries.items[dp] == NULL; dp++);
+	assert(dp < hdr->entries.count);
+	hdr->entries.items[pos] = hdr->entries.items[dp];
+	if (dp != pos)
+	    hdr->entries.items[dp] = NULL;
+	pos++;
+	dp++;
+    }
+    arrayShrink(&hdr->entries, pos);
+}
+
 /* use fresh entries to replace old ones */
 void
 httpHeaderUpdate(HttpHeader * old, const HttpHeader * fresh, const HttpHeaderMask * denied_mask)
 {
     const HttpHeaderEntry *e;
     HttpHeaderPos pos = HttpHeaderInitPos;
+
     assert(old && fresh);
     assert(old != fresh);
     debug(55, 7) ("updating hdr: %p <- %p\n", old, fresh);
@@ -400,6 +422,9 @@
 	    httpHeaderDelByName(old, strBuf(e->name));
 	httpHeaderAddEntry(old, httpHeaderEntryClone(e));
     }
+
+    /* And now, repack the array to "fill in the holes" */
+    httpHeaderRepack(old);
 }
 
 /* just handy in parsing: resets and returns false */


Index: squid.spec
===================================================================
RCS file: /cvs/extras/rpms/squid/F-7/squid.spec,v
retrieving revision 1.87
retrieving revision 1.88
diff -u -r1.87 -r1.88
--- squid.spec	7 Sep 2007 16:36:44 -0000	1.87
+++ squid.spec	6 Dec 2007 11:55:48 -0000	1.88
@@ -5,7 +5,7 @@
 Summary:  The Squid proxy caching server
 Name:     squid
 Version:  2.6.STABLE16
-Release:  1%{?dist}
+Release:  2%{?dist}
 Epoch:    7
 License:  GPL
 Group:    System Environment/Daemons
@@ -20,6 +20,7 @@
 ## Source99: filter-requires-squid.sh
 
 # Upstream patches
+Patch1: squid-2.6.STABLE16-pack_header.patch
 
 # External patches
 
@@ -56,6 +57,7 @@
 %prep
 %setup -q
 
+%patch1 -p1 -b .pack_header
 %patch201 -p1 -b .config
 %patch202 -p1 -b .location
 %patch203 -p1 -b .build
@@ -326,6 +328,9 @@
     chgrp squid /var/cache/samba/winbindd_privileged >/dev/null 2>&1 || :
 
 %changelog
+* Thu Dec 06 2007 Martin Nagy <mnagy at redhat.com> - 7:2.6.STABLE16-1
+- Upstream patch to fix CVE-2007-6239 (#410181)
+
 * Fri Sep  7 2007 Martin Bacovsky <mbacovsk at redhat.com> - 7:2.6.STABLE16-1
 - upgrade to latest upstream 2.6.STABLE14

More information about the fedora-extras-commits mailing list