FreeBSD Bugzilla – Attachment 44169 Details for
Bug 68448
[Maintainer] www/squid: fix FOLLOW_XFF, use vendor patch for NTLM vulnerability
Home
|
New
|
Browse
|
Search
|
[?]
|
Reports
|
Help
|
New Account
|
Log In
Remember
[x]
|
Forgot Password
Login:
[x]
[patch]
file.diff
file.diff (text/plain), 5.74 KB, created by
Thomas-Martin Seck
on 2004-06-28 17:30:25 UTC
(
hide
)
Description:
file.diff
Filename:
MIME Type:
Creator:
Thomas-Martin Seck
Created:
2004-06-28 17:30:25 UTC
Size:
5.74 KB
patch
obsolete
>Index: distinfo >=================================================================== >--- distinfo (.../www/squid) (revision 101) >+++ distinfo (.../local/squid) (revision 101) >@@ -48,3 +48,5 @@ > SIZE (squid2.5/squid-2.5.STABLE5-CONNECT_log_size.patch) = 2011 > MD5 (squid2.5/squid-2.5.STABLE5-proxy_abuse.patch) = 8b169a288a0491a760f4d04c4f5eab21 > SIZE (squid2.5/squid-2.5.STABLE5-proxy_abuse.patch) = 761 >+MD5 (squid2.5/squid-2.5.STABLE5-ntlm_auth_overflow.patch) = 30c7c5e2ba03655dbde9d3e65409baed >+SIZE (squid2.5/squid-2.5.STABLE5-ntlm_auth_overflow.patch) = 3198 >Index: files/follow_xff-configure.patch >=================================================================== >--- files/follow_xff-configure.patch (.../www/squid) (revision 101) >+++ files/follow_xff-configure.patch (.../local/squid) (revision 101) >@@ -1,10 +1,23 @@ >-!Patch configure directly to enable testing for the >-!--enable-follow-x-forwarding-for configuration option >-!instead of running configure.in through autoconf as in the >-!original follow-XFF patchset from devel.squid-cache.org. >+!Simulate the autotools bootstrap of the follow-x-forwarded-for patchset. >+! > !Beware that all line number informations in configure.log greater >-!than 2972 are offset by -29 (correcting all line numbers would have >+!than 2972 are offset by at least -29 (correcting all line numbers would have > !bloated the patch by 92kB!) >+--- include/autoconf.h.in.orig Sat Jan 18 02:46:11 2003 >++++ include/autoconf.h.in Thu Jun 24 13:19:07 2004 >+@@ -291,6 +291,12 @@ >+ #define USE_IDENT 1 >+ >+ /* >++ * Compile in support for following X-Forwarded-For headers? >++ * Enabled by default. >++ */ >++#define FOLLOW_X_FORWARDED_FOR 1 >++ >++/* >+ * If your system has statvfs(), and if it actually works! >+ */ >+ #undef HAVE_STATVFS > --- configure.orig Tue Mar 2 10:18:14 2004 > +++ configure Tue Mar 2 10:18:56 2004 > @@ -222,6 +222,12 @@ >Index: files/patch-helpers-ntlm_auth-SMB-libntlmssp.c >=================================================================== >--- files/patch-helpers-ntlm_auth-SMB-libntlmssp.c (.../www/squid) (revision 101) >+++ files/patch-helpers-ntlm_auth-SMB-libntlmssp.c (.../local/squid) (revision 101) >@@ -1,78 +0,0 @@ >-This patch fixes a buffer overflow vulnerability in the NTLM auth >-helper which was reported by iDefense on the 07th June 2004. >-Original advisory: >-<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false> >-CVE-ID: CAN-2004-0541 >-Patch and correction obtained from: >-<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch> >-<http://www.squid-cache.org/bugs/show_bug.cgi?id=998> >- >---- helpers/ntlm_auth/SMB/libntlmssp.c.orig Fri Nov 30 10:50:06 2001 >-+++ helpers/ntlm_auth/SMB/libntlmssp.c Fri Jun 18 13:17:35 2004 >-@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai >- #define min(A,B) (A<B?A:B) >- >- int ntlm_errno; >--static char credentials[1024]; /* we can afford to waste */ >-+#define MAX_USERNAME_LEN 255 >-+#define MAX_DOMAIN_LEN 255 >-+#define MAX_PASSWD_LEN 31 >-+static char credentials[MAX_USERNAME_LEN+MAX_DOMAIN_LEN+2]; /* we can afford to waste */ >- >- >- /* Fetches the user's credentials from the challenge. >-@@ -197,7 +200,7 @@ char * >- ntlm_check_auth(ntlm_authenticate * auth, int auth_length) >- { >- int rv; >-- char pass[25] /*, encrypted_pass[40] */; >-+ char pass[MAX_PASSWD_LEN+1]; >- char *domain = credentials; >- char *user; >- lstring tmp; >-@@ -215,6 +218,11 @@ ntlm_check_auth(ntlm_authenticate * auth >- ntlm_errno = NTLM_LOGON_ERROR; >- return NULL; >- } >-+ if (tmp.l > MAX_DOMAIN_LEN) { >-+ debug("Domain string exceeds %d bytes, rejecting\n", MAX_DOMAIN_LEN); >-+ ntlm_errno = NTLM_LOGON_ERROR; >-+ return NULL; >-+ } >- memcpy(domain, tmp.str, tmp.l); >- user = domain + tmp.l; >- *user++ = '\0'; >-@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth >- ntlm_errno = NTLM_LOGON_ERROR; >- return NULL; >- } >-+ if (tmp.l > MAX_USERNAME_LEN) { >-+ debug("Username string exceeds %d bytes, rejecting\n", MAX_USERNAME_LEN); >-+ ntlm_errno = NTLM_LOGON_ERROR; >-+ return NULL; >-+ } >- memcpy(user, tmp.str, tmp.l); >- *(user + tmp.l) = '\0'; >- >- >-- /* Authenticating against the NT response doesn't seem to work... */ >-+ /* Authenticating against the NT response doesn't seem to work... */ >- tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->lmresponse); >- if (tmp.str == NULL || tmp.l == 0) { >- fprintf(stderr, "No auth at all. Returning no-auth\n"); >- ntlm_errno = NTLM_LOGON_ERROR; >- return NULL; >- } >-- >-+ if (tmp.l > MAX_PASSWD_LEN) { >-+ debug("Password string exceeds %d bytes, rejecting\n", MAX_PASSWD_LEN); >-+ ntlm_errno = NTLM_LOGON_ERROR; >-+ return NULL; >-+ } >-+ >- memcpy(pass, tmp.str, tmp.l); >-- pass[25] = '\0'; >-+ pass[min(MAX_PASSWD_LEN,tmp.l)] = '\0'; >- >- #if 1 >- debug ("Empty LM pass detection: user: '%s', ours:'%s', his: '%s'" >Index: Makefile >=================================================================== >--- Makefile (.../www/squid) (revision 101) >+++ Makefile (.../local/squid) (revision 101) >@@ -29,7 +29,7 @@ > > PORTNAME= squid > PORTVERSION= 2.5.5 >-PORTREVISION= 11 >+PORTREVISION= 12 > CATEGORIES= www > MASTER_SITES= \ > ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \ >@@ -65,7 +65,8 @@ > squid-2.5.STABLE5-dns_localhost.patch \ > squid-2.5.STABLE5-msnt_auth_doc.patch \ > squid-2.5.STABLE5-CONNECT_log_size.patch \ >- squid-2.5.STABLE5-proxy_abuse.patch >+ squid-2.5.STABLE5-proxy_abuse.patch \ >+ squid-2.5.STABLE5-ntlm_auth_overflow.patch > PATCH_DIST_STRIP= -p1 > > MAINTAINER= tmseck@netcologne.de >@@ -123,7 +124,7 @@ > > # Authentication methods and modules: > >-basic_auth= NCSA PAM YP MSNT winbind >+basic_auth= NCSA PAM YP MSNT SMB winbind > external_acl= ip_user unix_group wbinfo_group winbind_group > MAN8+= pam_auth.8 squid_unix_group.8 > .if defined(WITH_SQUID_LDAP_AUTH)
<b>You cannot view the attachment while viewing its details because your browser does not support IFRAMEs. <a href="attachment.cgi?id=44169">View the attachment on a separate page</a>.</b>
View Attachment As Diff
View Attachment As Raw
Actions:
View
|
Diff
Attachments on
bug 68448
: 44169