------------------------------------------------------------
revno: 14038
revision-id: squid3@treenet.co.nz-20160502033935-ne2aqlnch2asje28
parent: squid3@treenet.co.nz-20160420122139-yhdowlpj6vigdy8r
committer: Amos Jeffries
branch nick: 3.5
timestamp: Mon 2016-05-02 15:39:35 +1200
message: Require exact match in Host header name lookup
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160502033935-ne2aqlnch2asje28
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 4aac9dbc31cf0a61f4acfe451d2976568479c52c
# timestamp: 2016-05-02 03:51:04 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squid3@treenet.co.nz-20160420122139-\
# yhdowlpj6vigdy8r
#
# Begin patch
=== modified file 'src/mime_header.cc'
--- src/mime_header.cc 2016-01-01 00:14:27 +0000
+++ src/mime_header.cc 2016-05-02 03:39:35 +0000
@@ -40,9 +40,6 @@ if (strcmp(p, "\r\n\r\n") == 0 || strcmp(p, "\n\n") == 0) return NULL; - while (xisspace(*p)) - ++p; - if (strncasecmp(p, name, namelen)) continue;
------------------------------------------------------------
revno: 14049
revision-id: squid3@treenet.co.nz-20160508124107-uxv7oonp7841tlf3
parent: squidadm@squid-cache.org-20160506121415-1nfh46micwe370ar
fixes bug: http://bugs.squid-cache.org/show_bug.cgi?id=4515
committer: Amos Jeffries
branch nick: 3.5
timestamp: Mon 2016-05-09 00:41:07 +1200
message: Bug 4515: regression after CVE-2016-4554 patch
------------------------------------------------------------
# Bazaar merge directive format 2 (Bazaar 0.90)
# revision_id: squid3@treenet.co.nz-20160508124107-uxv7oonp7841tlf3
# target_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# testament_sha1: 07f2df5acc152cd6f8fc37cacfdcc4b187ea308b
# timestamp: 2016-05-08 12:47:34 +0000
# source_branch: http://bzr.squid-cache.org/bzr/squid3/3.5
# base_revision_id: squidadm@squid-cache.org-20160506121415-\
# 1nfh46micwe370ar
#
# Begin patch
=== modified file 'src/mime_header.cc'
--- src/mime_header.cc 2016-05-02 03:39:35 +0000
+++ src/mime_header.cc 2016-05-08 12:41:07 +0000
@@ -36,10 +36,13 @@ debugs(25, 5, "mime_get_header: looking for '" << name << "'"); - for (p = mime; *p; p += strcspn(p, "\n")) { - if (strcmp(p, "\n\r\n") == 0 || strcmp(p, "\n\n") == 0) + for (p = mime; *p; p += strcspn(p, "\n")) { + if (strcmp(p, "\n\r\n") == 0 || strcmp(p, "\n\n") == 0) return NULL; + if (*p == '\n') + ++p; + if (strncasecmp(p, name, namelen)) continue;