squid: Backport fix for CVE-2023-49285

Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b] Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com> Signed-off-by: Armin Kuster <akuster808@gmail.com>
author: Vivek Kumbhar <vkumbhar@mvista.com> 2024-01-08 18:37:13 +0530
committer: Armin Kuster <akuster808@gmail.com> 2024-02-07 18:41:40 -0500
commit: b72149572d948ae312c7bdac0e443348e5236ad5 (patch)
tree: 43a064475b0437f1c12e1c6cbccd430234c5fc9c
parent: 901ddf5a3d1985fc9956bf40fa6fdaa7626c9e3d (diff)
download: meta-openembedded-b72149572d948ae312c7bdac0e443348e5236ad5.tar.gz
2 files changed, 38 insertions, 0 deletions
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-49285.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-49285.patch
new file mode 100644
index 0000000000..6909f754f3
--- /dev/null
+++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-49285.patch
@@ -0,0 +1,37 @@
+From 77b3fb4df0f126784d5fd4967c28ed40eb8d521b Mon Sep 17 00:00:00 2001
+From: Alex Rousskov <rousskov@measurement-factory.com>
+Date: Wed, 25 Oct 2023 19:41:45 +0000
+Subject: [PATCH] RFC 1123: Fix date parsing (#1538)
+The bug was discovered and detailed by Joshua Rogers at
+https://megamansec.github.io/Squid-Security-Audit/datetime-overflow.html
+where it was filed as "1-Byte Buffer OverRead in RFC 1123 date/time
+Handling".
+Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b]
+CVE: CVE-2023-49285
+Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
+---
+ lib/rfc1123.c | 6 ++++++
+ 1 file changed, 6 insertions(+)
+diff --git a/lib/rfc1123.c b/lib/rfc1123.c
+index 2d889cc..add63f0 100644
+--- a/lib/rfc1123.c
+++ b/lib/rfc1123.c
+@@ -50,7 +50,13 @@ make_month(const char *s)
+     char month[3];
+     month[0] = xtoupper(*s);
+    if (!month[0])
+        return -1; // protects *(s + 1) below
+
+     month[1] = xtolower(*(s + 1));
+    if (!month[1])
+        return -1; // protects *(s + 2) below
+
+     month[2] = xtolower(*(s + 2));
+     for (i = 0; i < 12; i++)
+--
+2.39.3
diff --git a/meta-networking/recipes-daemons/squid/squid_4.15.bb b/meta-networking/recipes-daemons/squid/squid_4.15.bb
index 3027806742..fb293453f1 100644
--- a/meta-networking/recipes-daemons/squid/squid_4.15.bb
+++ b/meta-networking/recipes-daemons/squid/squid_4.15.bb
@@ -26,6 +26,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2
           file://0001-splay.cc-fix-bind-is-not-a-member-of-std.patch \
           file://0001-Fix-build-on-Fedora-Rawhide-772.patch \
           file://CVE-2023-46847.patch \
+           file://CVE-2023-49285.patch \
           "
 SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"
author	Vivek Kumbhar <vkumbhar@mvista.com>	2024-01-08 18:37:13 +0530
committer	Armin Kuster <akuster808@gmail.com>	2024-02-07 18:41:40 -0500
commit	b72149572d948ae312c7bdac0e443348e5236ad5 (patch)
tree	43a064475b0437f1c12e1c6cbccd430234c5fc9c
parent	901ddf5a3d1985fc9956bf40fa6fdaa7626c9e3d (diff)
download	meta-openembedded-b72149572d948ae312c7bdac0e443348e5236ad5.tar.gz

diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2023-49285.patch b/meta-networking/recipes-daemons/squid/files/CVE-2023-49285.patch new file mode 100644 index 0000000000..6909f754f3 --- /dev/null +++ b/meta-networking/recipes-daemons/squid/files/CVE-2023-49285.patch
@@ -0,0 +1,37 @@
		1	From 77b3fb4df0f126784d5fd4967c28ed40eb8d521b Mon Sep 17 00:00:00 2001
		2	From: Alex Rousskov <rousskov@measurement-factory.com>
		3	Date: Wed, 25 Oct 2023 19:41:45 +0000
		4	Subject: [PATCH] RFC 1123: Fix date parsing (#1538)
		5
		6	The bug was discovered and detailed by Joshua Rogers at
		7	https://megamansec.github.io/Squid-Security-Audit/datetime-overflow.html
		8	where it was filed as "1-Byte Buffer OverRead in RFC 1123 date/time
		9	Handling".
		10
		11	Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/77b3fb4df0f126784d5fd4967c28ed40eb8d521b]
		12	CVE: CVE-2023-49285
		13	Signed-off-by: Vivek Kumbhar <vkumbhar@mvista.com>
		14	---
		15	lib/rfc1123.c \| 6 ++++++
		16	1 file changed, 6 insertions(+)
		17
		18	diff --git a/lib/rfc1123.c b/lib/rfc1123.c
		19	index 2d889cc..add63f0 100644
		20	--- a/lib/rfc1123.c
		21	+++ b/lib/rfc1123.c
		22	@@ -50,7 +50,13 @@ make_month(const char *s)
		23	char month[3];
		24
		25	month[0] = xtoupper(*s);
		26	+ if (!month[0])
		27	+ return -1; // protects *(s + 1) below
		28	+
		29	month[1] = xtolower(*(s + 1));
		30	+ if (!month[1])
		31	+ return -1; // protects *(s + 2) below
		32	+
		33	month[2] = xtolower(*(s + 2));
		34
		35	for (i = 0; i < 12; i++)
		36	--
		37	2.39.3


diff --git a/meta-networking/recipes-daemons/squid/squid_4.15.bb b/meta-networking/recipes-daemons/squid/squid_4.15.bb index 3027806742..fb293453f1 100644 --- a/meta-networking/recipes-daemons/squid/squid_4.15.bb +++ b/meta-networking/recipes-daemons/squid/squid_4.15.bb
@@ -26,6 +26,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.bz2
26	file://0001-splay.cc-fix-bind-is-not-a-member-of-std.patch \	26	file://0001-splay.cc-fix-bind-is-not-a-member-of-std.patch \
27	file://0001-Fix-build-on-Fedora-Rawhide-772.patch \	27	file://0001-Fix-build-on-Fedora-Rawhide-772.patch \
28	file://CVE-2023-46847.patch \	28	file://CVE-2023-46847.patch \
		29	file://CVE-2023-49285.patch \
29	"	30	"
30		31
31	SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"	32	SRC_URI:remove:toolchain-clang = "file://0001-configure-Check-for-Wno-error-format-truncation-comp.patch"