[packages/squid.git] / squid-2.5.STABLE7-wccp_denial_of_service.patch

Index: squid/src/wccp.c
diff -c squid/src/wccp.c:1.19.2.5 squid/src/wccp.c:1.19.2.6
*** squid/src/wccp.c:1.19.2.5	Thu Oct 24 12:51:14 2002
--- squid/src/wccp.c	Tue Jan 11 23:07:12 2005
***************
*** 245,250 ****
--- 245,260 ----
  	return;
      if (ntohl(wccp_i_see_you.type) != WCCP_I_SEE_YOU)
  	return;
+     if (ntohl(wccp_i_see_you.number) > WCCP_ACTIVE_CACHES) {
+ 	debug(80, 1) ("Ignoring WCCP_I_SEE_YOU from %s with number of caches set to %d\n",
+ 	    inet_ntoa(from.sin_addr), (int) ntohl(wccp_i_see_you.number));
+ 	return;
+     }
+     if (ntohl(wccp_i_see_you.number) <= 0) {
+ 	debug(80, 1) ("Ignoring WCCP_I_SEE_YOU from %s with non-positive number of caches\n",
+ 	    inet_ntoa(from.sin_addr));
+ 	return;
+     }
      if ((0 == change) && (number_caches == ntohl(wccp_i_see_you.number))) {
  	if (last_assign_buckets_change == wccp_i_see_you.change) {
  	    /*
***************
*** 274,280 ****
--- 284,294 ----
  wccpLowestIP(void)
  {
      int loop;
+     /*
+      * We sanity checked wccp_i_see_you.number back in wccpHandleUdp()
+      */
      for (loop = 0; loop < ntohl(wccp_i_see_you.number); loop++) {
+ 	assert(loop < WCCP_ACTIVE_CACHES);
  	if (wccp_i_see_you.wccp_cache_entry[loop].ip_addr.s_addr < local_ip.s_addr)
  	    return 0;
      }
***************
*** 311,318 ****
  
      debug(80, 6) ("wccpAssignBuckets: Called\n");
      number_caches = ntohl(wccp_i_see_you.number);
!     if (number_caches > WCCP_ACTIVE_CACHES)
! 	number_caches = WCCP_ACTIVE_CACHES;
      wab_len = sizeof(struct wccp_assign_bucket_t);
      cache_len = WCCP_CACHE_LEN * number_caches;
  
--- 325,332 ----
  
      debug(80, 6) ("wccpAssignBuckets: Called\n");
      number_caches = ntohl(wccp_i_see_you.number);
!     assert(number_caches > 0);
!     assert(number_caches <= WCCP_ACTIVE_CACHES);
      wab_len = sizeof(struct wccp_assign_bucket_t);
      cache_len = WCCP_CACHE_LEN * number_caches;
Commit	Line	Data
657376c6	1	Index: squid/src/wccp.c
	2	diff -c squid/src/wccp.c:1.19.2.5 squid/src/wccp.c:1.19.2.6
	3	*** squid/src/wccp.c:1.19.2.5 Thu Oct 24 12:51:14 2002
	4	--- squid/src/wccp.c Tue Jan 11 23:07:12 2005
	5	***************
	6	* 245,250 **
	7	--- 245,260 ----
	8	return;
	9	if (ntohl(wccp_i_see_you.type) != WCCP_I_SEE_YOU)
	10	return;
	11	+ if (ntohl(wccp_i_see_you.number) > WCCP_ACTIVE_CACHES) {
	12	+ debug(80, 1) ("Ignoring WCCP_I_SEE_YOU from %s with number of caches set to %d\n",
	13	+ inet_ntoa(from.sin_addr), (int) ntohl(wccp_i_see_you.number));
	14	+ return;
	15	+ }
	16	+ if (ntohl(wccp_i_see_you.number) <= 0) {
	17	+ debug(80, 1) ("Ignoring WCCP_I_SEE_YOU from %s with non-positive number of caches\n",
	18	+ inet_ntoa(from.sin_addr));
	19	+ return;
	20	+ }
	21	if ((0 == change) && (number_caches == ntohl(wccp_i_see_you.number))) {
	22	if (last_assign_buckets_change == wccp_i_see_you.change) {
	23	/*
	24	***************
	25	* 274,280 **
	26	--- 284,294 ----
	27	wccpLowestIP(void)
	28	{
	29	int loop;
	30	+ /*
	31	+ * We sanity checked wccp_i_see_you.number back in wccpHandleUdp()
	32	+ */
	33	for (loop = 0; loop < ntohl(wccp_i_see_you.number); loop++) {
	34	+ assert(loop < WCCP_ACTIVE_CACHES);
	35	if (wccp_i_see_you.wccp_cache_entry[loop].ip_addr.s_addr < local_ip.s_addr)
	36	return 0;
	37	}
	38	***************
	39	* 311,318 **
	40
	41	debug(80, 6) ("wccpAssignBuckets: Called\n");
	42	number_caches = ntohl(wccp_i_see_you.number);
	43	! if (number_caches > WCCP_ACTIVE_CACHES)
	44	! number_caches = WCCP_ACTIVE_CACHES;
	45	wab_len = sizeof(struct wccp_assign_bucket_t);
	46	cache_len = WCCP_CACHE_LEN * number_caches;
	47
	48	--- 325,332 ----
	49
	50	debug(80, 6) ("wccpAssignBuckets: Called\n");
	51	number_caches = ntohl(wccp_i_see_you.number);
	52	! assert(number_caches > 0);
	53	! assert(number_caches <= WCCP_ACTIVE_CACHES);
	54	wab_len = sizeof(struct wccp_assign_bucket_t);
	55	cache_len = WCCP_CACHE_LEN * number_caches;
	56