21377893 problem in UTILITY/SQUID
23088298 problem in UTILITY/SQUID
23088308 problem in UTILITY/SQUID
Fix for CVE-2016-3947. See:
https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2016-3947
for more details. Based on the squid 3.5.X patch at:
http://www.squid-cache.org/Versions/v3/3.5/changesets/squid-3.5-14015.patch
--- squid-3.5.5/src/icmp/Icmp6.cc.orig 2016-04-12 11:19:40.947624766 -0700
+++ squid-3.5.5/src/icmp/Icmp6.cc 2016-04-12 11:20:00.180868789 -0700
@@ -256,7 +256,7 @@
#define ip6_hops // HOPS!!! (can it be true??)
ip = (struct ip6_hdr *) pkt;
- pkt += sizeof(ip6_hdr);
+ NP: echo size needs to +sizeof(ip6_hdr);
debugs(42, DBG_CRITICAL, HERE << "ip6_nxt=" << ip->ip6_nxt <<
", ip6_plen=" << ip->ip6_plen <<
@@ -267,7 +267,6 @@
*/
icmp6header = (struct icmp6_hdr *) pkt;
- pkt += sizeof(icmp6_hdr);
if (icmp6header->icmp6_type != ICMP6_ECHO_REPLY) {
@@ -292,7 +291,7 @@
return;
}
- echo = (icmpEchoData *) pkt;
+ echo = (icmpEchoData *) (pkt + sizeof(icmp6_hdr));
preply.opcode = echo->opcode;