diff options
Diffstat (limited to 'main/squid/squid-3.4-13235.patch')
| -rw-r--r-- | main/squid/squid-3.4-13235.patch | 97 |
1 files changed, 97 insertions, 0 deletions
diff --git a/main/squid/squid-3.4-13235.patch b/main/squid/squid-3.4-13235.patch new file mode 100644 index 00000000000..a3d1bb22d15 --- /dev/null +++ b/main/squid/squid-3.4-13235.patch @@ -0,0 +1,97 @@ +------------------------------------------------------------ +revno: 13235 +revision-id: squid3@treenet.co.nz-20160420111514-4hpxglbn9k15l5sa +parent: squid3@treenet.co.nz-20160420101437-36eofkldxfku61kj +committer: Amos Jeffries <squid3@treenet.co.nz> +branch nick: 3.4 +timestamp: Wed 2016-04-20 23:15:14 +1200 +message: + Fix several ESI element construction issues + + * Do not wrap active logic in assert(). + + * Fix localbuf array bounds checking. + + * Add Must() conditions to verify array writes will succeed +------------------------------------------------------------ +# Bazaar merge directive format 2 (Bazaar 0.90) +# revision_id: squid3@treenet.co.nz-20160420111514-4hpxglbn9k15l5sa +# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 +# testament_sha1: e95687b13c98667ab09966e7f94d511ca3e6ad96 +# timestamp: 2016-04-20 11:18:22 +0000 +# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.4 +# base_revision_id: squid3@treenet.co.nz-20160420101437-\ +# 36eofkldxfku61kj +# +# Begin patch +=== modified file 'src/esi/Esi.cc' +--- a/src/esi/Esi.cc 2013-06-27 15:58:46 +0000 ++++ b/src/esi/Esi.cc 2016-04-20 11:15:14 +0000 +@@ -991,7 +991,7 @@ + ESIElement::Pointer element; + int specifiedattcount = attrCount * 2; + char *position; +- assert (ellen < sizeof (localbuf)); /* prevent unexpected overruns. */ ++ Must(ellen < sizeof(localbuf)); /* prevent unexpected overruns. */ + + debugs(86, 5, "ESIContext::Start: element '" << el << "' with " << specifiedattcount << " tags"); + +@@ -1005,15 +1005,17 @@ + /* Spit out elements we aren't interested in */ + localbuf[0] = '<'; + localbuf[1] = '\0'; +- assert (xstrncpy (&localbuf[1], el, sizeof(localbuf) - 2)); ++ xstrncpy(&localbuf[1], el, sizeof(localbuf) - 2); + position = localbuf + strlen (localbuf); + + for (i = 0; i < specifiedattcount && attr[i]; i += 2) { ++ Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 1); + *position = ' '; + ++position; + /* TODO: handle thisNode gracefully */ +- assert (xstrncpy (position, attr[i], sizeof(localbuf) + (position - localbuf))); ++ xstrncpy(position, attr[i], sizeof(localbuf) - (position - localbuf)); + position += strlen (position); ++ Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 2); + *position = '='; + ++position; + *position = '\"'; +@@ -1022,18 +1024,21 @@ + char ch; + while ((ch = *chPtr++) != '\0') { + if (ch == '\"') { +- assert( xstrncpy(position, """, sizeof(localbuf) + (position-localbuf)) ); ++ Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 6); ++ xstrncpy(position, """, sizeof(localbuf) - (position-localbuf)); + position += 6; + } else { ++ Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 1); + *position = ch; + ++position; + } + } +- position += strlen (position); ++ Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 1); + *position = '\"'; + ++position; + } + ++ Must(static_cast<size_t>(position - localbuf) < sizeof(localbuf) - 2); + *position = '>'; + ++position; + *position = '\0'; +@@ -1119,11 +1124,11 @@ + switch (ESIElement::IdentifyElement (el)) { + + case ESIElement::ESI_ELEMENT_NONE: +- assert (ellen < sizeof (localbuf)); /* prevent unexpected overruns. */ ++ Must(ellen < sizeof(localbuf) - 3); /* prevent unexpected overruns. */ + /* Add elements we aren't interested in */ + localbuf[0] = '<'; + localbuf[1] = '/'; +- assert (xstrncpy (&localbuf[2], el, sizeof(localbuf) - 3)); ++ xstrncpy(&localbuf[2], el, sizeof(localbuf) - 3); + position = localbuf + strlen (localbuf); + *position = '>'; + ++position; + |