On Wed, 04 Jan 2012 20:30:35 +0100, Bram wrote:
> Hi,
>
>
> Some questions about bug 3113 and squid-3.0.STABLE26
>
> http://bugs.squid-cache.org/show_bug.cgi?id=3113
> "Squid can eat far too much memory when uploading files."
>
> a) Does anyone have a backport for this bug to squid-3.0?
> The fix is committed on squid-3.1 and squid-3.2 but a patch does not
> appear to be available for squid-3.0.
3.0 is obsolete and this is a minor DoS vulnerability only opened as a
vulnerability at all by recent browser changes.
If you can verify that the port works without additional side effects
I'm happy to apply it to the 3.0 branch for a snapshot update.
>
> b) Assuming the answer to question 'a)' is no:
> Is anyone able/willing to review the attached patch?
> This is a backport (or at least an attempt) to squid-3.0.
>
> The 'patch' is based on:
> * http://bugs.squid-cache.org/attachment.cgi?id=2327 - "Possible fix,
> fourth iteration"
> * http://bazaar.launchpad.net/~squid/squid/3.1/revision/10171 - "Bug
> 3113: Squid can eat far too much memory when uploading files"
>
> [I obviously tested this and everything appears to be working but a
> review would be appreciated]
Seems okay for the bits it is changing. It is missing the cache_cf.cc
config file input validation hunk which can be seen at the top of the
bzr patch though.
I have not reviewed for reads in 3.0 which need to have the
makeSpaceAvailable() check added.
Amos
Received on Wed Jan 04 2012 - 23:29:41 MST