[squid-users] Reg: Squid clientAbortBody() Denial of Service Vulnerability

From: Durai raj <tech_durai@dont-contact.us>
Date: Sun, 19 Sep 2004 21:32:38 -0700 (PDT)

Hello All,

  For the bug called "Squid clientAbortBody() Denial
of Service
Vulnerability", I saw the following patch for this
bug.

  --- squid-2.5.STABLE5/src/client_side.c.orig Mon
May 10 11:14:33 2004
  +++ squid-2.5.STABLE5/src/client_side.c Mon May 10
11:14:50 2004
  @@ -3282,7 +3282,7 @@
       CBCB *callback;
       void *cbdata;
       int valid;
  - if (!conn->body.callback || conn->body.request
!= request)
  + if (conn == NULL || !conn->body.callback ||
conn->body.request !=
request)
      return;
       buf = conn->body.buf;
       callback = conn->body.callback;

However, I saw the solution as below for this bug.

SOLUTION:
        A patch has been applied to version
2.5.STABLE5 and 2.5.STABLE6.
However, it may reportedly only address the issue
partially.

Is this partially fix OR this bug partially reported?
What is the correct solution for this bug?

I am using Squid version 2.5.STABLE6.

Thanks,
Durai.

---
Outgoing mail is certified Virus Free.
Checked by AVG anti-virus system
(http://www.grisoft.com).
Version: 6.0.760 / Virus Database: 509 - Release Date:
9/10/2004
__________________________________________________
Do You Yahoo!?
Tired of spam?  Yahoo! Mail has the best spam protection around 
http://mail.yahoo.com 
Received on Sun Sep 19 2004 - 22:32:49 MDT

This archive was generated by hypermail pre-2.1.9 : Fri Oct 01 2004 - 12:00:02 MDT