From: krolik <krolik@pld-linux.org>
Date: Tue, 28 Dec 2004 08:34:19 +0000 (+0000)
Subject: - regarding http://securitytracker.com/alerts/2004/Dec/1012649.html
X-Git-Tag: auto/ac/squid-2_5_STABLE7-9~1
X-Git-Url: http://git.pld-linux.org/?a=commitdiff_plain;h=2091dd322d6307914efb9e0ff570236dc606c0a4;p=packages%2Fsquid.git

- regarding http://securitytracker.com/alerts/2004/Dec/1012649.html
- security fix

Changed files:
    squid-2.5.STABLE7-empty_acls.patch -> 1.1
---

diff --git a/squid-2.5.STABLE7-empty_acls.patch b/squid-2.5.STABLE7-empty_acls.patch
new file mode 100644
index 0000000..a939f5b
--- /dev/null
+++ b/squid-2.5.STABLE7-empty_acls.patch
@@ -0,0 +1,133 @@
+Index: squid/src/acl.c
+diff -c squid/src/acl.c:1.270.2.30 squid/src/acl.c:1.270.2.31
+*** squid/src/acl.c:1.270.2.30	Wed Oct 20 17:18:36 2004
+--- squid/src/acl.c	Tue Dec 21 10:45:10 2004
+***************
+*** 557,567 ****
+  	} else {
+  	    /* assume its time-of-day spec */
+  	    if (sscanf(t, "%d:%d-%d:%d", &h1, &m1, &h2, &m2) < 4) {
+! 		debug(28, 0) ("%s line %d: %s\n",
+  		    cfg_filename, config_lineno, config_input_line);
+- 		debug(28, 0) ("aclParseTimeSpec: IGNORING Bad time range\n");
+- 		memFree(q, MEM_ACL_TIME_DATA);
+- 		return;
+  	    }
+  	    q = memAllocate(MEM_ACL_TIME_DATA);
+  	    q->start = h1 * 60 + m1;
+--- 557,565 ----
+  	} else {
+  	    /* assume its time-of-day spec */
+  	    if (sscanf(t, "%d:%d-%d:%d", &h1, &m1, &h2, &m2) < 4) {
+! 		fatalf("aclParseTimeSpec: ERROR: Bad time range in"
+! 		    "%s line %d: %s\n",
+  		    cfg_filename, config_lineno, config_input_line);
+  	    }
+  	    q = memAllocate(MEM_ACL_TIME_DATA);
+  	    q->start = h1 * 60 + m1;
+***************
+*** 569,579 ****
+  	    q->weekbits = weekbits;
+  	    weekbits = 0;
+  	    if (q->start > q->stop) {
+! 		debug(28, 0) ("%s line %d: %s\n",
+  		    cfg_filename, config_lineno, config_input_line);
+- 		debug(28, 0) ("aclParseTimeSpec: IGNORING Reversed time range\n");
+- 		memFree(q, MEM_ACL_TIME_DATA);
+- 		return;
+  	    }
+  	    if (q->weekbits == 0)
+  		q->weekbits = ACL_ALLWEEK;
+--- 567,575 ----
+  	    q->weekbits = weekbits;
+  	    weekbits = 0;
+  	    if (q->start > q->stop) {
+! 		fatalf("aclParseTimeSpec: ERROR: Reversed time range in"
+! 		    "%s line %d: %s\n",
+  		    cfg_filename, config_lineno, config_input_line);
+  	    }
+  	    if (q->weekbits == 0)
+  		q->weekbits = ACL_ALLWEEK;
+***************
+*** 891,912 ****
+  	break;
+      case ACL_PROXY_AUTH:
+  	if (authenticateSchemeCount() == 0) {
+! 	    debug(28, 0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \
+! because no authentication schemes were compiled.\n", A->cfgline);
+  	} else if (authenticateActiveSchemeCount() == 0) {
+! 	    debug(28, 0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \
+! because no authentication schemes are fully configured.\n", A->cfgline);
+  	} else {
+  	    aclParseUserList(&A->data);
+  	}
+  	break;
+      case ACL_PROXY_AUTH_REGEX:
+  	if (authenticateSchemeCount() == 0) {
+! 	    debug(28, 0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \
+! because no authentication schemes were compiled.\n", A->cfgline);
+  	} else if (authenticateActiveSchemeCount() == 0) {
+! 	    debug(28, 0) ("aclParseAclLine: IGNORING: Proxy Auth ACL '%s' \
+! because no authentication schemes are fully configured.\n", A->cfgline);
+  	} else {
+  	    aclParseRegexList(&A->data);
+  	}
+--- 887,908 ----
+  	break;
+      case ACL_PROXY_AUTH:
+  	if (authenticateSchemeCount() == 0) {
+! 	    fatalf("Invalid Proxy Auth ACL '%s' "
+! 		"because no authentication schemes were compiled.\n", A->cfgline);
+  	} else if (authenticateActiveSchemeCount() == 0) {
+! 	    fatalf("Invalid Proxy Auth ACL '%s' "
+! 		"because no authentication schemes are fully configured.\n", A->cfgline);
+  	} else {
+  	    aclParseUserList(&A->data);
+  	}
+  	break;
+      case ACL_PROXY_AUTH_REGEX:
+  	if (authenticateSchemeCount() == 0) {
+! 	    fatalf("Invalid Proxy Auth ACL '%s' "
+! 		"because no authentication schemes were compiled.\n", A->cfgline);
+  	} else if (authenticateActiveSchemeCount() == 0) {
+! 	    fatalf("Invalid Proxy Auth ACL '%s' "
+! 		"because no authentication schemes are fully configured.\n", A->cfgline);
+  	} else {
+  	    aclParseRegexList(&A->data);
+  	}
+***************
+*** 936,945 ****
+      if (!new_acl)
+  	return;
+      if (A->data == NULL) {
+! 	debug(28, 0) ("aclParseAclLine: IGNORING invalid ACL: %s\n",
+  	    A->cfgline);
+- 	memFree(A, MEM_ACL);
+- 	return;
+      }
+      /* append */
+      while (*head)
+--- 932,939 ----
+      if (!new_acl)
+  	return;
+      if (A->data == NULL) {
+! 	debug(28, 0) ("aclParseAclLine: WARNING: empty ACL: %s\n",
+  	    A->cfgline);
+      }
+      /* append */
+      while (*head)
+Index: squid/lib/splay.c
+diff -c squid/lib/splay.c:1.12.4.1 squid/lib/splay.c:1.12.4.2
+*** squid/lib/splay.c:1.12.4.1	Thu Jan 15 00:38:35 2004
+--- squid/lib/splay.c	Tue Dec 21 10:45:10 2004
+***************
+*** 104,109 ****
+--- 104,111 ----
+  void
+  splay_destroy(splayNode * top, SPLAYFREE * free_func)
+  {
++     if (!top)
++ 	return;
+      if (top->left)
+  	splay_destroy(top->left, free_func);
+      if (top->right)