Sign Up
Log In
Log In
or
Sign Up
Places
All Projects
Status Monitor
Collapse sidebar
SUSE:SLE-12-SP2:Update
squid.32277
SQUID-2023_4.patch
Overview
Repositories
Revisions
Requests
Users
Attributes
Meta
File SQUID-2023_4.patch of Package squid.32277
From 12b8efc07ff74548d5582c4890f8bdb9057a1bb3 Mon Sep 17 00:00:00 2001 From: Andreas Weigel <andreas.weigel@securepoint.de> Date: Wed, 18 Oct 2023 04:14:31 +0000 Subject: [PATCH] Fix validation of certificates with CN=* (#1523) The bug was discovered and detailed by Joshua Rogers at https://megamansec.github.io/Squid-Security-Audit/ where it was filed as "Buffer UnderRead in SSL CN Parsing". --- src/anyp/Uri.cc | 6 ++++++ 1 file changed, 6 insertions(+) Index: squid-3.5.21/src/url.cc =================================================================== --- squid-3.5.21.orig/src/url.cc +++ squid-3.5.21/src/url.cc @@ -89,6 +89,10 @@ urlInitialize(void) assert(0 == matchDomainName("*.foo.com", ".foo.com", mdnHonorWildcards)); assert(0 != matchDomainName("*.foo.com", "foo.com", mdnHonorWildcards)); + assert(0 != matchDomainName("foo.com", "")); + assert(0 != matchDomainName("foo.com", "", mdnHonorWildcards)); + assert(0 != matchDomainName("foo.com", "", mdnRejectSubsubDomains)); + /* more cases? */ } @@ -855,6 +859,8 @@ matchDomainName(const char *h, const cha return -1; dl = strlen(d); + if (dl == 0) + return 1; /* * Start at the ends of the two strings and work towards the
Locations
Projects
Search
Status Monitor
Help
OpenBuildService.org
Documentation
API Documentation
Code of Conduct
Contact
Support
@OBShq
Terms
openSUSE Build Service is sponsored by
The Open Build Service is an
openSUSE project
.
Sign Up
Log In
Places
Places
All Projects
Status Monitor