Attachment #190916 for bug #226139

Lines 2-8 Link Here

(-)Makefile (-1 / +1 lines)
2		2
3	PORTNAME= squid	3	PORTNAME= squid
4	PORTVERSION= 3.5.27	4	PORTVERSION= 3.5.27
5	PORTREVISION= 2	5	PORTREVISION= 3
6	CATEGORIES= www ipv6	6	CATEGORIES= www ipv6
7	MASTER_SITES= http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \	7	MASTER_SITES= http://www.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \
8	http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \	8	http://www2.us.squid-cache.org/Versions/v3/${PORTVERSION:R}/ \




commit 8232b83d3fa47a1399f155cb829db829369fbae9 (refs/remotes/origin/v3.5)
Author: squidadm <squidadm@users.noreply.github.com>
Date:   2018-01-21 08:07:08 +1300

    Fix indirect IP logging for transactions without a client connection (#129) (#136)

diff --git src/client_side_request.cc src/client_side_request.cc
index be124f3..203f89d 100644
--- src/client_side_request.cc
+++ src/client_side_request.cc
@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *data)
         * Ensure that the access log shows the indirect client
         * instead of the direct client.
         */
-        ConnStateData *conn = http->getConn();
-        conn->log_addr = request->indirect_client_addr;
-        http->al->cache.caddr = conn->log_addr;
+        http->al->cache.caddr = request->indirect_client_addr;
+        if (ConnStateData *conn = http->getConn())
+            conn->log_addr = request->indirect_client_addr;
     }
     request->x_forwarded_for_iterator.clean();
     request->flags.done_follow_x_forwarded_for = true;

Return to bug 226139

Line 0 Link Here

(-)files/patch-CVE-2018-1000027 (+23 lines)
	1	commit 8232b83d3fa47a1399f155cb829db829369fbae9 (refs/remotes/origin/v3.5)
	2	Author: squidadm <squidadm@users.noreply.github.com>
	3	Date: 2018-01-21 08:07:08 +1300
	4
	5	Fix indirect IP logging for transactions without a client connection (#129) (#136)
	6
	7	diff --git src/client_side_request.cc src/client_side_request.cc
	8	index be124f3..203f89d 100644
	9	--- src/client_side_request.cc
	10	+++ src/client_side_request.cc
	11	@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *data)
	12	* Ensure that the access log shows the indirect client
	13	* instead of the direct client.
	14	*/
	15	- ConnStateData *conn = http->getConn();
	16	- conn->log_addr = request->indirect_client_addr;
	17	- http->al->cache.caddr = conn->log_addr;
	18	+ http->al->cache.caddr = request->indirect_client_addr;
	19	+ if (ConnStateData *conn = http->getConn())
	20	+ conn->log_addr = request->indirect_client_addr;
	21	}
	22	request->x_forwarded_for_iterator.clean();
	23	request->flags.done_follow_x_forwarded_for = true;