- regarding http://securitytracker.com/alerts/2004/Dec/1012649.html

- security fix

Changed files:
    squid-2.5.STABLE7-empty_acls.patch -> 1.1

diff --git a/squid-2.5.STABLE7-empty_acls.patch b/squid-2.5.STABLE7-empty_acls.patch
new file mode 100644 (file)
index 0000000..a939f5b
--- /dev/null
+++ b/squid-2.5.STABLE7-empty_acls.patch
@@ -0,0 +1,133 @@
+Index: squid/src/acl.c
+diff -c squid/src/acl.c:1.270.2.30 squid/src/acl.c:1.270.2.31
+*** squid/src/acl.c:1.270.2.30 Wed Oct 20 17:18:36 2004
+--- squid/src/acl.c    Tue Dec 21 10:45:10 2004
+***************
+*** 557,567 ****
+       } else {
+           /* assume its time-of-day spec */
+           if (sscanf(t, "%d:%d-%d:%d", &h1, &m1, &h2, &m2) < 4) {
+!              debug(28, 0) ("%s line %d: %s\n",
+                   cfg_filename, config_lineno, config_input_line);
+-              debug(28, 0) ("aclParseTimeSpec: IGNORING Bad time range\n");
+-              memFree(q, MEM_ACL_TIME_DATA);
+-              return;
+           }
+           q = memAllocate(MEM_ACL_TIME_DATA);
+           q->start = h1 * 60 + m1;
+--- 557,565 ----
+       } else {
+           /* assume its time-of-day spec */
+           if (sscanf(t, "%d:%d-%d:%d", &h1, &m1, &h2, &m2) < 4) {
+!              fatalf("aclParseTimeSpec: ERROR: Bad time range in"
+!                  "%s line %d: %s\n",
+                   cfg_filename, config_lineno, config_input_line);
+           }
+           q = memAllocate(MEM_ACL_TIME_DATA);
+           q->start = h1 * 60 + m1;
+***************
+*** 569,579 ****
+           q->weekbits = weekbits;
+           weekbits = 0;
+           if (q->start > q->stop) {
+!              debug(28, 0) ("%s line %d: %s\n",
+                   cfg_filename, config_lineno, config_input_line);
+-              debug(28, 0) ("aclParseTimeSpec: IGNORING Reversed time range\n");
+-              memFree(q, MEM_ACL_TIME_DATA);
+-              return;
+           }
+           if (q->weekbits == 0)
+               q->weekbits = ACL_ALLWEEK;
+--- 567,575 ----
+           q->weekbits = weekbits;
+           weekbits = 0;
+           if (q->start > q->stop) {
+!              fatalf("aclParseTimeSpec: ERROR: Reversed time range in"
+!                  "%s line %d: %s\n",
+                   cfg_filename, config_lineno, config_input_line);
+           }
+           if (q->weekbits == 0)
+               q->weekbits = ACL_ALLWEEK;
+***************
+*** 891,912 ****
+       break;
+      case ACL_PROXY_AUTH:
+       if (authenticateSchemeCount() == 0) {
+!          debug(28, 0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \
+! because no authentication schemes were compiled.\n", A->cfgline);
+       } else if (authenticateActiveSchemeCount() == 0) {
+!          debug(28, 0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \
+! because no authentication schemes are fully configured.\n", A->cfgline);
+       } else {
+           aclParseUserList(&A->data);
+       }
+       break;
+      case ACL_PROXY_AUTH_REGEX:
+       if (authenticateSchemeCount() == 0) {
+!          debug(28, 0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \
+! because no authentication schemes were compiled.\n", A->cfgline);
+       } else if (authenticateActiveSchemeCount() == 0) {
+!          debug(28, 0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \
+! because no authentication schemes are fully configured.\n", A->cfgline);
+       } else {
+           aclParseRegexList(&A->data);
+       }
+--- 887,908 ----
+       break;
+      case ACL_PROXY_AUTH:
+       if (authenticateSchemeCount() == 0) {
+!          fatalf("Invalid Proxy Auth ACL '%s' "
+!              "because no authentication schemes were compiled.\n", A->cfgline);
+       } else if (authenticateActiveSchemeCount() == 0) {
+!          fatalf("Invalid Proxy Auth ACL '%s' "
+!              "because no authentication schemes are fully configured.\n", A->cfgline);
+       } else {
+           aclParseUserList(&A->data);
+       }
+       break;
+      case ACL_PROXY_AUTH_REGEX:
+       if (authenticateSchemeCount() == 0) {
+!          fatalf("Invalid Proxy Auth ACL '%s' "
+!              "because no authentication schemes were compiled.\n", A->cfgline);
+       } else if (authenticateActiveSchemeCount() == 0) {
+!          fatalf("Invalid Proxy Auth ACL '%s' "
+!              "because no authentication schemes are fully configured.\n", A->cfgline);
+       } else {
+           aclParseRegexList(&A->data);
+       }
+***************
+*** 936,945 ****
+      if (!new_acl)
+       return;
+      if (A->data == NULL) {
+!      debug(28, 0) ("aclParseAclLine: IGNORING invalid ACL: %s\n",
+           A->cfgline);
+-      memFree(A, MEM_ACL);
+-      return;
+      }
+      /* append */
+      while (*head)
+--- 932,939 ----
+      if (!new_acl)
+       return;
+      if (A->data == NULL) {
+!      debug(28, 0) ("aclParseAclLine: WARNING: empty ACL: %s\n",
+           A->cfgline);
+      }
+      /* append */
+      while (*head)
+Index: squid/lib/splay.c
+diff -c squid/lib/splay.c:1.12.4.1 squid/lib/splay.c:1.12.4.2
+*** squid/lib/splay.c:1.12.4.1 Thu Jan 15 00:38:35 2004
+--- squid/lib/splay.c  Tue Dec 21 10:45:10 2004
+***************
+*** 104,109 ****
+--- 104,111 ----
+  void
+  splay_destroy(splayNode * top, SPLAYFREE * free_func)
+  {
++     if (!top)
++      return;
+      if (top->left)
+       splay_destroy(top->left, free_func);
+      if (top->right)