| Message ID | 20240804210351.1650471-1-peter.marko@siemens.com |
|---|---|
| State | New |
| Headers | show |
| Series | [meta-networking,scarthgap] squid: patch CVE-2024-37894 | expand |
Gentle ping. > -----Original Message----- > From: Marko, Peter (ADV D EU SK BFS1) <Peter.Marko@siemens.com> > Sent: Sunday, August 4, 2024 23:04 > To: openembedded-devel@lists.openembedded.org > Cc: Marko, Peter (ADV D EU SK BFS1) <Peter.Marko@siemens.com> > Subject: [meta-networking][scarthgap][PATCH] squid: patch CVE-2024-37894 > > From: Peter Marko <peter.marko@siemens.com> > > Reference: https://github.com/squid-cache/squid/security/advisories/GHSA- > wgvf-q977-9xjg > > Signed-off-by: Peter Marko <peter.marko@siemens.com> > --- > .../squid/files/CVE-2024-37894.patch | 36 +++++++++++++++++++ > .../recipes-daemons/squid/squid_6.9.bb | 1 + > 2 files changed, 37 insertions(+) > create mode 100644 meta-networking/recipes-daemons/squid/files/CVE-2024- > 37894.patch > > diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2024- > 37894.patch b/meta-networking/recipes-daemons/squid/files/CVE-2024- > 37894.patch > new file mode 100644 > index 0000000000..ba12b71d6f > --- /dev/null > +++ b/meta-networking/recipes-daemons/squid/files/CVE-2024-37894.patch > @@ -0,0 +1,36 @@ > +From 920563e7a080155fae3ced73d6198781e8b0ff04 Mon Sep 17 00:00:00 > 2001 > +From: Francesco Chemolli <5175948+kinkie@users.noreply.github.com> > +Date: Sun, 2 Jun 2024 14:41:16 +0000 > +Subject: [PATCH] Bug 5378: type mismatch in libTrie (#1830) > + > +TrieNode::add() incorrectly computed an offset of an internal data > +structure, resulting in out-of-bounds memory accesses that could cause > +corruption or crashes. > + > +This bug was discovered and detailed by Joshua Rogers at > +https://megamansec.github.io/Squid-Security-Audit/esi-underflow.html > +where it was filed as "Buffer Underflow in ESI". > + > +CVE: CVE-2024-37894 > +Upstream-Status: Backport [https://github.com/squid- > cache/squid/commit/920563e7a080155fae3ced73d6198781e8b0ff04] > +Signed-off-by: Peter Marko <peter.marko@siemens.com> > +--- > + lib/libTrie/TrieNode.cc | 2 +- > + 1 file changed, 1 insertion(+), 1 deletion(-) > + > +diff --git a/lib/libTrie/TrieNode.cc b/lib/libTrie/TrieNode.cc > +index 0f991a06d..d417e0f54 100644 > +--- a/lib/libTrie/TrieNode.cc > ++++ b/lib/libTrie/TrieNode.cc > +@@ -32,7 +32,7 @@ TrieNode::add(char const *aString, size_t theLength, void > *privatedata, TrieChar > + /* We trust that privatedata and existent keys have already been checked */ > + > + if (theLength) { > +- int index = transform ? (*transform)(*aString): *aString; > ++ const unsigned char index = transform ? (*transform)(*aString): *aString; > + > + if (!internal[index]) > + internal[index] = new TrieNode; > +-- > +2.30.2 > + > diff --git a/meta-networking/recipes-daemons/squid/squid_6.9.bb b/meta- > networking/recipes-daemons/squid/squid_6.9.bb > index 33d286e122..61fc6027b3 100644 > --- a/meta-networking/recipes-daemons/squid/squid_6.9.bb > +++ b/meta-networking/recipes-daemons/squid/squid_6.9.bb > @@ -20,6 +20,7 @@ SRC_URI = "http://www.squid- > cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.xz \ > file://volatiles.03_squid \ > file://0002-squid-make-squid-conf-tests-run-on-target-device.patch \ > file://squid.nm \ > + file://CVE-2024-37894.patch \ > " > > SRC_URI[sha256sum] = > "1ad72d46e1cb556e9561214f0fb181adb87c7c47927ef69bc8acd68a03f61882" > -- > 2.30.2
diff --git a/meta-networking/recipes-daemons/squid/files/CVE-2024-37894.patch b/meta-networking/recipes-daemons/squid/files/CVE-2024-37894.patch new file mode 100644 index 0000000000..ba12b71d6f --- /dev/null +++ b/meta-networking/recipes-daemons/squid/files/CVE-2024-37894.patch @@ -0,0 +1,36 @@ +From 920563e7a080155fae3ced73d6198781e8b0ff04 Mon Sep 17 00:00:00 2001 +From: Francesco Chemolli <5175948+kinkie@users.noreply.github.com> +Date: Sun, 2 Jun 2024 14:41:16 +0000 +Subject: [PATCH] Bug 5378: type mismatch in libTrie (#1830) + +TrieNode::add() incorrectly computed an offset of an internal data +structure, resulting in out-of-bounds memory accesses that could cause +corruption or crashes. + +This bug was discovered and detailed by Joshua Rogers at +https://megamansec.github.io/Squid-Security-Audit/esi-underflow.html +where it was filed as "Buffer Underflow in ESI". + +CVE: CVE-2024-37894 +Upstream-Status: Backport [https://github.com/squid-cache/squid/commit/920563e7a080155fae3ced73d6198781e8b0ff04] +Signed-off-by: Peter Marko <peter.marko@siemens.com> +--- + lib/libTrie/TrieNode.cc | 2 +- + 1 file changed, 1 insertion(+), 1 deletion(-) + +diff --git a/lib/libTrie/TrieNode.cc b/lib/libTrie/TrieNode.cc +index 0f991a06d..d417e0f54 100644 +--- a/lib/libTrie/TrieNode.cc ++++ b/lib/libTrie/TrieNode.cc +@@ -32,7 +32,7 @@ TrieNode::add(char const *aString, size_t theLength, void *privatedata, TrieChar + /* We trust that privatedata and existent keys have already been checked */ + + if (theLength) { +- int index = transform ? (*transform)(*aString): *aString; ++ const unsigned char index = transform ? (*transform)(*aString): *aString; + + if (!internal[index]) + internal[index] = new TrieNode; +-- +2.30.2 + diff --git a/meta-networking/recipes-daemons/squid/squid_6.9.bb b/meta-networking/recipes-daemons/squid/squid_6.9.bb index 33d286e122..61fc6027b3 100644 --- a/meta-networking/recipes-daemons/squid/squid_6.9.bb +++ b/meta-networking/recipes-daemons/squid/squid_6.9.bb @@ -20,6 +20,7 @@ SRC_URI = "http://www.squid-cache.org/Versions/v${MAJ_VER}/${BPN}-${PV}.tar.xz \ file://volatiles.03_squid \ file://0002-squid-make-squid-conf-tests-run-on-target-device.patch \ file://squid.nm \ + file://CVE-2024-37894.patch \ " SRC_URI[sha256sum] = "1ad72d46e1cb556e9561214f0fb181adb87c7c47927ef69bc8acd68a03f61882"