webadmin/bpfire
1
0
Fork 0
mirror of https://github.com/vincentmli/bpfire.git synced 2026-04-09 18:45:54 +02:00
Code Issues Packages Projects Releases Wiki Activity

squid 3.5.27: Patch for SA 2018:2

Browse Source 
As announced, here is the second patch for 'squid 3.5.27'.

For details about this and the previous patch (2018_1) regarding "ESI Response
processing" and "HTTP message processing", see:

http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-announce-ADVISORY-SQUID-2018-1-Denial-of-Service-issue-in-ESI-Response-processing-tp4684618.html

http://squid-web-proxy-cache.1019090.n4.nabble.com/squid-announce-ADVISORY-SQUID-2018-2-Denial-of-Service-issue-in-HTTP-Message-processing-td4684617.html

Signed-off-by: Matthias Fischer <matthias.fischer@ipfire.org>
Signed-off-by: Michael Tremer <michael.tremer@ipfire.org>
This commit is contained in:
Matthias Fischer
2018-01-22 17:49:52 +01:00
committed by Michael Tremer
parent 101765c0fd
commit eb03c511fd
2 changed files with 24 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
lfs/squid
View File

@@ -71,6 +71,7 @@ $(TARGET) : $(patsubst %,$(DIR_DL)/%,$(objects))
@$(PREBUILD)
@rm -rf $(DIR_APP) && cd $(DIR_SRC) && tar xaf $(DIR_DL)/$(DL_FILE)
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/SQUID-2018_1.patch
cd $(DIR_APP) && patch -Np1 -i $(DIR_SRC)/src/patches/squid/SQUID-2018_2.patch
cd $(DIR_APP) && patch -Np0 -i $(DIR_SRC)/src/patches/squid/squid-3.5.27-fix-max-file-descriptors.patch
cd $(DIR_APP) && autoreconf -vfi

23
src/patches/squid/SQUID-2018_2.patch Normal file
View File

@@ -0,0 +1,23 @@
commit 8232b83d3fa47a1399f155cb829db829369fbae9 (refs/remotes/origin/v3.5)
Author: squidadm <squidadm@users.noreply.github.com>
Date: 2018-01-21 08:07:08 +1300
Fix indirect IP logging for transactions without a client connection (#129) (#136)
diff --git a/src/client_side_request.cc b/src/client_side_request.cc
index be124f3..203f89d 100644
--- a/src/client_side_request.cc
+++ b/src/client_side_request.cc
@@ -488,9 +488,9 @@ clientFollowXForwardedForCheck(allow_t answer, void *data)
* Ensure that the access log shows the indirect client
* instead of the direct client.
*/
- ConnStateData *conn = http->getConn();
- conn->log_addr = request->indirect_client_addr;
- http->al->cache.caddr = conn->log_addr;
+ http->al->cache.caddr = request->indirect_client_addr;
+ if (ConnStateData *conn = http->getConn())
+ conn->log_addr = request->indirect_client_addr;
}
request->x_forwarded_for_iterator.clean();
request->flags.done_follow_x_forwarded_for = true;