source: squid-ssl/trunk/fuentes/debian/patches/CVE-2016-10003.patch @ 5501

Last change on this file since 5501 was 5501, checked in by Juanma, 4 years ago

Initial release

File size: 5.1 KB
  • src/client_side_reply.cc

    Description: fix incorrect HTTP Request header comparison
    Origin: backport, http://www.squid-cache.org/Versions/v3/3.5/changesets/SQUID-2016_10_a.patch
    Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848491
    
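--- a/src/client_side_reply.cc
+++ b/src/client_side_reply.cc
@@ -545,7 +545,6 @@
         debugs(88, 5, "negative-HIT");
         http->logType = LOG_TCP_NEGATIVE_HIT;
         sendMoreData(result);
-        return;
     } else if (blockedHit()) {
         debugs(88, 5, "send_hit forces a MISS");
         http->logType = LOG_TCP_MISS;
@@ -597,29 +596,27 @@
             http->logType = LOG_TCP_MISS;
             processMiss();
         }
-        return;
     } else if (r->conditional()) {
         debugs(88, 5, "conditional HIT");
-        if (processConditional(result))
-            return;
-    }
-
-    /*
-     * plain ol' cache hit
-     */
-    debugs(88, 5, "plain old HIT");
+        processConditional(result);
+    } else {
+        /*
+         * plain ol' cache hit
+         */
+        debugs(88, 5, "plain old HIT");
 
 #if USE_DELAY_POOLS
-    if (e->store_status != STORE_OK)
-        http->logType = LOG_TCP_MISS;
-    else
+        if (e->store_status != STORE_OK)
+            http->logType = LOG_TCP_MISS;
+        else
 #endif
-        if (e->mem_status == IN_MEMORY)
-            http->logType = LOG_TCP_MEM_HIT;
-        else if (Config.onoff.offline)
-            http->logType = LOG_TCP_OFFLINE_HIT;
+            if (e->mem_status == IN_MEMORY)
+                http->logType = LOG_TCP_MEM_HIT;
+            else if (Config.onoff.offline)
+                http->logType = LOG_TCP_OFFLINE_HIT;
 
-    sendMoreData(result);
+        sendMoreData(result);
+    }
 }
 
 /**
@@ -713,16 +710,17 @@
 }
 
 /// process conditional request from client
-bool
+void
 clientReplyContext::processConditional(StoreIOBuffer &result)
 {
     StoreEntry *const e = http->storeEntry();
 
     if (e->getReply()->sline.status() != Http::scOkay) {
-        debugs(88, 4, "Reply code " << e->getReply()->sline.status() << " != 200");
+        debugs(88, 4, "clientReplyContext::processConditional: Reply code " <<
+               e->getReply()->sline.status() << " != 200");
         http->logType = LOG_TCP_MISS;
         processMiss();
-        return true;
+        return;
     }
 
     HttpRequest &r = *http->request;
@@ -730,39 +728,51 @@
     if (r.header.has(HDR_IF_MATCH) && !e->hasIfMatchEtag(r)) {
         // RFC 2616: reply with 412 Precondition Failed if If-Match did not match
         sendPreconditionFailedError();
-        return true;
+        return;
     }
 
+    bool matchedIfNoneMatch = false;
     if (r.header.has(HDR_IF_NONE_MATCH)) {
-        // RFC 7232: If-None-Match recipient MUST ignore IMS
-        r.flags.ims = false;
-        r.ims = -1;
-        r.imslen = 0;
-        r.header.delById(HDR_IF_MODIFIED_SINCE);
+        if (!e->hasIfNoneMatchEtag(r)) {
+            // RFC 2616: ignore IMS if If-None-Match did not match
+            r.flags.ims = false;
+            r.ims = -1;
+            r.imslen = 0;
+            r.header.delById(HDR_IF_MODIFIED_SINCE);
+            http->logType = LOG_TCP_MISS;
+            sendMoreData(result);
+            return;
+        }
 
-        if (e->hasIfNoneMatchEtag(r)) {
+        if (!r.flags.ims) {
+            // RFC 2616: if If-None-Match matched and there is no IMS,
+            // reply with 304 Not Modified or 412 Precondition Failed
             sendNotModifiedOrPreconditionFailedError();
-            return true;
+            return;
         }
 
-        // None-Match is true (no ETag matched); treat as an unconditional hit
-        return false;
+        // otherwise check IMS below to decide if we reply with 304 or 412
+        matchedIfNoneMatch = true;
     }
 
     if (r.flags.ims) {
         // handle If-Modified-Since requests from the client
         if (e->modifiedSince(&r)) {
-            // Modified-Since is true; treat as an unconditional hit
-            return false;
+            http->logType = LOG_TCP_IMS_HIT;
+            sendMoreData(result);
+            return;
+        }
 
-        } else {
-            // otherwise reply with 304 Not Modified
-            sendNotModified();
+        if (matchedIfNoneMatch) {
+            // If-None-Match matched, reply with 304 Not Modified or
+            // 412 Precondition Failed
+            sendNotModifiedOrPreconditionFailedError();
+            return;
         }
-        return true;
-    }
 
-    return false;
+        // otherwise reply with 304 Not Modified
+        sendNotModified();
+    }
 }
 
 /// whether squid.conf send_hit prevents us from serving this hit
@@ -1909,12 +1919,7 @@
     StoreEntry *e = http->storeEntry();
     const time_t timestamp = e->timestamp;
     HttpReply *const temprep = e->getReply()->make304();
-    // log as TCP_INM_HIT if code 304 generated for
-    // If-None-Match request
-    if (!http->request->flags.ims)
-        http->logType = LOG_TCP_INM_HIT;
-    else
-        http->logType = LOG_TCP_IMS_HIT;
+    http->logType = LOG_TCP_IMS_HIT;
     removeClientStoreReference(&sc, http);
     createStoreEntry(http->request->method, RequestFlags());
     e = http->storeEntry();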
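Review bot: The rewritten `processConditional()` (new lines 713–776) has a path that returns without sending any reply: when the If-Match check passes, no If-None-Match header is present and `r.flags.ims` is clear, control falls off the end at new line 776. The caller at new line 601 no longer continues into the "plain old HIT" code, which it did while the function returned `bool`. Whether that state is reachable depends on `r->conditional()`, which is not shown on this page; if it is true for a request whose only precondition is a satisfied If-Match, the client would be left waiting with no response. If the path is reachable, end the function with an explicit fallback such as `http->logType = LOG_TCP_HIT;` followed by `sendMoreData(result);` (the exact hit type is the caller's decision and would need checking). If it is not, record the invariant with a closing comment like `// every path above sends a reply; conditional() implies IMS or If-None-Match here`.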