c8-stream-4
imports/c8-stream-4/squid-4.15-10.module+el8.10.0+22489+b920747d.3
parent
12a52a0d36
commit
3ca3390f52
@ -0,0 +1,31 @@
|
||||
commit 8fcff9c09824b18628f010d26a04247f6a6cbcb8
|
||||
Author: Alex Rousskov <rousskov@measurement-factory.com>
|
||||
Date: Sun Nov 12 09:33:20 2023 +0000
|
||||
|
||||
Do not update StoreEntry expiration after errorAppendEntry() (#1580)
|
||||
|
||||
errorAppendEntry() is responsible for setting entry expiration times,
|
||||
which it does by calling StoreEntry::storeErrorResponse() that calls
|
||||
StoreEntry::negativeCache().
|
||||
|
||||
This change was triggered by a vulnerability report by Joshua Rogers at
|
||||
https://megamansec.github.io/Squid-Security-Audit/cache-uaf.html where
|
||||
it was filed as "Use-After-Free in Cache Manager Errors". The reported
|
||||
"use after free" vulnerability was unknowingly addressed by 2022 commit
|
||||
1fa761a that removed excessively long "reentrant" store_client calls
|
||||
responsible for the disappearance of the properly locked StoreEntry in
|
||||
this (and probably other) contexts.
|
||||
|
||||
|
||||
diff --git a/src/cache_manager.cc b/src/cache_manager.cc
|
||||
index 8055ece..fdcc9cf 100644
|
||||
--- a/src/cache_manager.cc
|
||||
+++ b/src/cache_manager.cc
|
||||
@@ -323,7 +323,6 @@ CacheManager::Start(const Comm::ConnectionPointer &client, HttpRequest * request
|
||||
const auto err = new ErrorState(ERR_INVALID_URL, Http::scNotFound, request);
|
||||
err->url = xstrdup(entry->url());
|
||||
errorAppendEntry(entry, err);
|
||||
- entry->expires = squid_curtime;
|
||||
return;
|
||||
}
|
||||
|
Loading…
Reference in new issue