Changeset 5501


Timestamp:
Jul 13, 2017, 9:41:03 AM (23 months ago)
Author:
Juanma
Message:

Initial release

Location:
squid-ssl/trunk/fuentes
Files:
1 deleted
1 edited

  • squid-ssl/trunk/fuentes/debian/patches/CVE-2016-10003.patch

    r5498 r5501  
    33Bug-Debian: http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=848491
    44
    5 Index: squid3-3.5.12/src/client_side_reply.cc
    6 ===================================================================
    7 --- squid3-3.5.12.orig/src/client_side_reply.cc 2017-02-03 13:07:09.557882072 -0500
    8 +++ squid3-3.5.12/src/client_side_reply.cc      2017-02-03 13:07:25.046075698 -0500
    9 @@ -474,6 +474,16 @@
    10          return;
     5--- a/src/client_side_reply.cc
     6+++ b/src/client_side_reply.cc
     7@@ -545,7 +545,6 @@
     8         debugs(88, 5, "negative-HIT");
     9         http->logType = LOG_TCP_NEGATIVE_HIT;
     10         sendMoreData(result);
     11-        return;
     12     } else if (blockedHit()) {
     13         debugs(88, 5, "send_hit forces a MISS");
     14         http->logType = LOG_TCP_MISS;
     15@@ -597,29 +596,27 @@
     16             http->logType = LOG_TCP_MISS;
     17             processMiss();
     18         }
     19-        return;
     20     } else if (r->conditional()) {
     21         debugs(88, 5, "conditional HIT");
     22-        if (processConditional(result))
     23-            return;
     24-    }
     25-
     26-    /*
     27-     * plain ol' cache hit
     28-     */
     29-    debugs(88, 5, "plain old HIT");
     30+        processConditional(result);
     31+    } else {
     32+        /*
     33+         * plain ol' cache hit
     34+         */
     35+        debugs(88, 5, "plain old HIT");
     36 
     37 #if USE_DELAY_POOLS
     38-    if (e->store_status != STORE_OK)
     39-        http->logType = LOG_TCP_MISS;
     40-    else
     41+        if (e->store_status != STORE_OK)
     42+            http->logType = LOG_TCP_MISS;
     43+        else
     44 #endif
     45-        if (e->mem_status == IN_MEMORY)
     46-            http->logType = LOG_TCP_MEM_HIT;
     47-        else if (Config.onoff.offline)
     48-            http->logType = LOG_TCP_OFFLINE_HIT;
     49+            if (e->mem_status == IN_MEMORY)
     50+                http->logType = LOG_TCP_MEM_HIT;
     51+            else if (Config.onoff.offline)
     52+                http->logType = LOG_TCP_OFFLINE_HIT;
     53 
     54-    sendMoreData(result);
     55+        sendMoreData(result);
     56+    }
     57 }
     58 
     59 /**
     60@@ -713,16 +710,17 @@
     61 }
     62 
     63 /// process conditional request from client
     64-bool
     65+void
     66 clientReplyContext::processConditional(StoreIOBuffer &result)
     67 {
     68     StoreEntry *const e = http->storeEntry();
     69 
     70     if (e->getReply()->sline.status() != Http::scOkay) {
     71-        debugs(88, 4, "Reply code " << e->getReply()->sline.status() << " != 200");
     72+        debugs(88, 4, "clientReplyContext::processConditional: Reply code " <<
     73+               e->getReply()->sline.status() << " != 200");
     74         http->logType = LOG_TCP_MISS;
     75         processMiss();
     76-        return true;
     77+        return;
    1178     }
    1279 
    13 +    // The previously identified hit suddenly became unsharable!
    14 +    // This is common for collapsed forwarding slaves but might also
    15 +    // happen to regular hits because we are called asynchronously.
    16 +    if (EBIT_TEST(e->flags, KEY_PRIVATE)) {
    17 +        debugs(88, 3, "unsharable " << *e << ". MISS");
    18 +        http->logType = LOG_TCP_MISS;
    19 +        processMiss();
     80     HttpRequest &r = *http->request;
     81@@ -730,39 +728,51 @@
     82     if (r.header.has(HDR_IF_MATCH) && !e->hasIfMatchEtag(r)) {
     83         // RFC 2616: reply with 412 Precondition Failed if If-Match did not match
     84         sendPreconditionFailedError();
     85-        return true;
    2086+        return;
     87     }
     88 
     89+    bool matchedIfNoneMatch = false;
     90     if (r.header.has(HDR_IF_NONE_MATCH)) {
     91-        // RFC 7232: If-None-Match recipient MUST ignore IMS
     92-        r.flags.ims = false;
     93-        r.ims = -1;
     94-        r.imslen = 0;
     95-        r.header.delById(HDR_IF_MODIFIED_SINCE);
     96+        if (!e->hasIfNoneMatchEtag(r)) {
     97+            // RFC 2616: ignore IMS if If-None-Match did not match
     98+            r.flags.ims = false;
     99+            r.ims = -1;
     100+            r.imslen = 0;
     101+            r.header.delById(HDR_IF_MODIFIED_SINCE);
     102+            http->logType = LOG_TCP_MISS;
     103+            sendMoreData(result);
     104+            return;
     105+        }
     106 
     107-        if (e->hasIfNoneMatchEtag(r)) {
     108+        if (!r.flags.ims) {
     109+            // RFC 2616: if If-None-Match matched and there is no IMS,
     110+            // reply with 304 Not Modified or 412 Precondition Failed
     111             sendNotModifiedOrPreconditionFailedError();
     112-            return true;
     113+            return;
     114         }
     115 
     116-        // None-Match is true (no ETag matched); treat as an unconditional hit
     117-        return false;
     118+        // otherwise check IMS below to decide if we reply with 304 or 412
     119+        matchedIfNoneMatch = true;
     120     }
     121 
     122     if (r.flags.ims) {
     123         // handle If-Modified-Since requests from the client
     124         if (e->modifiedSince(&r)) {
     125-            // Modified-Since is true; treat as an unconditional hit
     126-            return false;
     127+            http->logType = LOG_TCP_IMS_HIT;
     128+            sendMoreData(result);
     129+            return;
     130+        }
     131 
     132-        } else {
     133-            // otherwise reply with 304 Not Modified
     134-            sendNotModified();
     135+        if (matchedIfNoneMatch) {
     136+            // If-None-Match matched, reply with 304 Not Modified or
     137+            // 412 Precondition Failed
     138+            sendNotModifiedOrPreconditionFailedError();
     139+            return;
     140         }
     141-        return true;
     142-    }
     143 
     144-    return false;
     145+        // otherwise reply with 304 Not Modified
     146+        sendNotModified();
    21147+    }
    22 +
    23      if (result.length == 0) {
    24          debugs(88, 5, "store IO buffer has no content. MISS");
    25          /* the store couldn't get enough data from the file for us to id the
     148 }
     149 
     150 /// whether squid.conf send_hit prevents us from serving this hit
     151@@ -1909,12 +1919,7 @@
     152     StoreEntry *e = http->storeEntry();
     153     const time_t timestamp = e->timestamp;
     154     HttpReply *const temprep = e->getReply()->make304();
     155-    // log as TCP_INM_HIT if code 304 generated for
     156-    // If-None-Match request
     157-    if (!http->request->flags.ims)
     158-        http->logType = LOG_TCP_INM_HIT;
     159-    else
     160-        http->logType = LOG_TCP_IMS_HIT;
     161+    http->logType = LOG_TCP_IMS_HIT;
     162     removeClientStoreReference(&sc, http);
     163     createStoreEntry(http->request->method, RequestFlags());
     164     e = http->storeEntry();
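Review bot: The new revision of `debian/patches/CVE-2016-10003.patch` no longer carries the guard that the old revision added ahead of `if (result.length == 0)`, namely `if (EBIT_TEST(e->flags, KEY_PRIVATE)) { ... processMiss(); return; }` (old patch lines 13–21), and nothing on the new side puts it back. Unless another patch in the series applies that check (the changeset's other file is a deletion and is not shown here), a hit whose entry has become private by the time the callback runs would presumably be answered from the cache again, which is the case the removed comment describes. The replacement content instead changes `processConditional()` to return `void` and makes `sendNotModified()` always set `LOG_TCP_IMS_HIT`, so the file name no longer matches what the patch does and 304 replies to If-None-Match requests can no longer be told apart through `LOG_TCP_INM_HIT` in the access log. I would keep the KEY_PRIVATE hunk in this file and move the conditional-handling change into its own patch with a header stating where it comes from, and describe both in the commit message instead of "Initial release".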