------------------------------------------------------------ revno: 10496 revision-id: squid3@treenet.co.nz-20160502040937-373njoa4mgxsvph5 parent: squid3@treenet.co.nz-20160330144753-t66h1goeagnq0e0c committer: Amos Jeffries branch nick: 3.1 timestamp: Mon 2016-05-02 16:09:37 +1200 message: Require exact match in Host header name lookup ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20160502040937-373njoa4mgxsvph5 # target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ # /SQUID_3_1 # testament_sha1: 2c8e790fd77e9af445c9397e35b02b35b7a2e089 # timestamp: 2016-05-02 04:50:16 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.1 # base_revision_id: squid3@treenet.co.nz-20160330144753-\ # t66h1goeagnq0e0c # # Begin patch === modified file 'src/mime_header.cc' --- src/mime_header.cc 2009-07-26 10:38:40 +0000 +++ src/mime_header.cc 2016-05-02 04:09:37 +0000 @@ -70,9 +70,6 @@ if (strcmp(p, "\r\n\r\n") == 0 || strcmp(p, "\n\n") == 0) return NULL; - while (xisspace(*p)) - p++; - if (strncasecmp(p, name, namelen)) continue; ------------------------------------------------------------ revno: 10497 revision-id: squid3@treenet.co.nz-20160508124529-bz8uegx4sthhz390 parent: squid3@treenet.co.nz-20160502040937-373njoa4mgxsvph5 fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4515 committer: Amos Jeffries branch nick: 3.1 timestamp: Mon 2016-05-09 00:45:29 +1200 message: Bug 4515: regression after CVE-2016-4554 patch ------------------------------------------------------------ # Bazaar merge directive format 2 (Bazaar 0.90) # revision_id: squid3@treenet.co.nz-20160508124529-bz8uegx4sthhz390 # target_branch: http://bzr.squid-cache.org/bzr/squid3/branches\ # /SQUID_3_1 # testament_sha1: eeb7e7a1e61dfc0638cdf352429863b15f58a7e3 # timestamp: 2016-05-08 12:50:17 +0000 # source_branch: http://bzr.squid-cache.org/bzr/squid3/3.1 # base_revision_id: squid3@treenet.co.nz-20160502040937-\ # 373njoa4mgxsvph5 # # Begin patch === modified file 'src/mime_header.cc' --- src/mime_header.cc 2016-05-02 04:09:37 +0000 +++ src/mime_header.cc 2016-05-08 12:45:29 +0000 @@ -66,10 +66,13 @@ debugs(25, 5, "mime_get_header: looking for '" << name << "'"); - for (p = mime; *p; p += strcspn(p, "\n\r")) { - if (strcmp(p, "\r\n\r\n") == 0 || strcmp(p, "\n\n") == 0) + for (p = mime; *p; p += strcspn(p, "\n")) { + if (strcmp(p, "\n\r\n") == 0 || strcmp(p, "\n\n") == 0) return NULL; + if (*p == '\n') + ++p; + if (strncasecmp(p, name, namelen)) continue;