--- /dev/null Thu Jan 01 00:00:00 1970 +0000
+++ b/components/squid/patches/CVE-2016-3947.patch Wed Apr 13 10:14:18 2016 -0700
@@ -0,0 +1,36 @@
+Fix for CVE-2016-3947. See:
+
+ https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3947
+
+for more details. Based on the squid 3.5.X patch at:
+
+ http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch
+
+--- squid-3.5.5/src/icmp/Icmp6.cc.orig 2016-04-12 11:19:40.947624766 -0700
++++ squid-3.5.5/src/icmp/Icmp6.cc 2016-04-12 11:20:00.180868789 -0700
+@@ -256,7 +256,7 @@
+ #define ip6_hops // HOPS!!! (can it be true??)
+
+ ip = (struct ip6_hdr *) pkt;
+- pkt += sizeof(ip6_hdr);
++ NP: echo size needs to +sizeof(ip6_hdr);
+
+ debugs(42, DBG_CRITICAL, HERE << "ip6_nxt=" << ip->ip6_nxt <<
+ ", ip6_plen=" << ip->ip6_plen <<
+@@ -267,7 +267,6 @@
+ */
+
+ icmp6header = (struct icmp6_hdr *) pkt;
+- pkt += sizeof(icmp6_hdr);
+
+ if (icmp6header->icmp6_type != ICMP6_ECHO_REPLY) {
+
+@@ -292,7 +291,7 @@
+ return;
+ }
+
+- echo = (icmpEchoData *) pkt;
++ echo = (icmpEchoData *) (pkt + sizeof(icmp6_hdr));
+
+ preply.opcode = echo->opcode;
+