File CVE-2019-18860.patch of Package squid.31747

Backport of https://github.com/squid-cache/squid/pull/504
https://bugzilla.suse.com/show_bug.cgi?id=1167373


Index: squid-3.5.21/src/base/CharacterSet.cc
===================================================================
--- squid-3.5.21.orig/src/base/CharacterSet.cc
+++ squid-3.5.21/src/base/CharacterSet.cc
@@ -7,7 +7,7 @@
  */
 
 #include "squid.h"
-#include "CharacterSet.h"
+#include "base/CharacterSet.h"
 
 #include <algorithm>
 #include <functional>
Index: squid-3.5.21/tools/Makefile.am
===================================================================
--- squid-3.5.21.orig/tools/Makefile.am
+++ squid-3.5.21/tools/Makefile.am
@@ -34,6 +34,9 @@ test_tools.cc: $(top_srcdir)/test-suite/
 stub_debug.cc: $(top_srcdir)/src/tests/stub_debug.cc
 	cp $(top_srcdir)/src/tests/stub_debug.cc .
 
+CharacterSet.cc: $(top_srcdir)/src/base/CharacterSet.cc
+	cp $(top_srcdir)/src/base/CharacterSet.cc $@
+
 MemBuf.cc: $(top_srcdir)/src/MemBuf.cc
 	cp $(top_srcdir)/src/MemBuf.cc $@
 
@@ -51,7 +54,7 @@ stub_mem.cc: $(top_srcdir)/src/tests/stu
 # globals.cc is needed by test_tools.cc.
 # Neither of these should be disted from here.
 TESTSOURCES= test_tools.cc
-CLEANFILES += test_tools.cc MemBuf.cc stub_debug.cc time.cc stub_cbdata.cc stub_mem.cc
+CLEANFILES += test_tools.cc CharacterSet.cc MemBuf.cc stub_debug.cc time.cc stub_cbdata.cc stub_mem.cc
 
 ## ##### helper-mux #####
 
@@ -69,6 +72,7 @@ DEFAULT_CACHEMGR_CONFIG = $(sysconfdir)/
 libexec_PROGRAMS = cachemgr$(CGIEXT)
 
 cachemgr__CGIEXT__SOURCES = cachemgr.cc \
+	CharacterSet.cc \
 	MemBuf.cc \
 	stub_cbdata.cc \
 	stub_debug.cc \
Index: squid-3.5.21/tools/cachemgr.cc
===================================================================
--- squid-3.5.21.orig/tools/cachemgr.cc
+++ squid-3.5.21/tools/cachemgr.cc
@@ -8,6 +8,7 @@
 
 #include "squid.h"
 #include "base64.h"
+#include "base/CharacterSet.h"
 #include "getfullhostname.h"
 #include "html_quote.h"
 #include "ip/Address.h"
@@ -215,6 +216,21 @@ xstrtok(char **str, char del)
         return "";
 }
 
+bool
+hostname_check(const char *uri)
+{
+    static CharacterSet hostChars = CharacterSet("host",".:[]_") +
+            CharacterSet::ALPHA + CharacterSet::DIGIT;
+
+    const auto limit = strlen(uri);
+    for (size_t i = 0; i < limit; i++) {
+        if (!hostChars[uri[i]]) {
+              return false;
+        }
+    }
+    return true;
+}
+
 static void
 print_trailer(void)
 {
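Review bot: The allow-list built in `hostChars` omits `-`, so an ordinary hostname such as `proxy-1.example.com` (constructed example) fails `hostname_check` and is reported as "Invalid Hostname" rather than "Unknown Host". If that is not intended, extend the literal: `static CharacterSet hostChars = CharacterSet("host",".:[]_-") +`. The function is declared without `static` although its neighbour `print_trailer` is file-local, and it carries no comment; a one-liner such as `/// \returns true only if every byte of uri is a letter, digit or one of ".:[]_"; gates echoing the value into HTML` would record why it exists. `strlen(uri)` assumes a non-null argument, which the caller outside this hunk has to guarantee.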
@@ -806,9 +822,15 @@ process_request(cachemgr_request * req)
     } else if ((S = req->hostname))
         (void) 0;
     else {
-        snprintf(buf, sizeof(buf), "Unknown host: %s\n", req->hostname);
-        error_html(buf);
-        return 1;
+        if (hostname_check(req->hostname)) {
+            snprintf(buf, sizeof(buf), "Unknown Host: %s\n", req->hostname);
+            error_html(buf);
+            return 1;
+        } else {
+            snprintf(buf, sizeof(buf), "%s\n", "Invalid Hostname");
+            error_html(buf);
+            return 1;
+        }
     }
 
     S.port(req->port);
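Review bot: `hostname_check(req->hostname)` is reached only in the final `else`, after `S = req->hostname` on the context line above has already been handed the unvalidated string, so the allow-list protects this one error message rather than the input itself. Validating where `req->hostname` is first filled in (outside this hunk, as is the rest of `process_request`) would cover every later use; whether other output paths echo the hostname is not visible here. The two branches also repeat `error_html(buf); return 1;`, and the constant message needs no formatting: the `else` arm could be `error_html("Invalid Hostname\n"); return 1;`, assuming `error_html` takes a `const char *`. The visible text also changes case from "Unknown host" to "Unknown Host", which anything matching on the old string will miss.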