summaryrefslogtreecommitdiffstats
path: root/www/squid27
diff options
context:
space:
mode:
authordes <des@FreeBSD.org>2004-06-09 20:34:00 +0000
committerdes <des@FreeBSD.org>2004-06-09 20:34:00 +0000
commitecd68523c3303ed379e6f480c8062f8e6bf6304b (patch)
treea2111f6d5c9b676007e5d0393f071acf2ada4114 /www/squid27
parent3e1af7fe44f07fa17f4ab7f480cedcbe4c3b6b8e (diff)
downloadFreeBSD-ports-ecd68523c3303ed379e6f480c8062f8e6bf6304b.zip
FreeBSD-ports-ecd68523c3303ed379e6f480c8062f8e6bf6304b.tar.gz
Add a couple of patches, including one for a buffer overflow in the NTLM
authentication helper. PR: ports/67764 Submitted by: maintainer
Diffstat (limited to 'www/squid27')
-rw-r--r--www/squid27/Makefile6
-rw-r--r--www/squid27/distinfo4
-rw-r--r--www/squid27/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c87
3 files changed, 95 insertions, 2 deletions
diff --git a/www/squid27/Makefile b/www/squid27/Makefile
index bc8d8fb..8bc9b08 100644
--- a/www/squid27/Makefile
+++ b/www/squid27/Makefile
@@ -29,7 +29,7 @@
PORTNAME= squid
PORTVERSION= 2.5.5
-PORTREVISION= 8
+PORTREVISION= 9
CATEGORIES= www
MASTER_SITES= \
ftp://ftp.squid-cache.org/pub/%SUBDIR%/ \
@@ -63,7 +63,9 @@ PATCHFILES= squid-2.5.STABLE5-ntlm_assert.patch \
squid-2.5.STABLE5-debug_client_ip.patch \
squid-2.5.STABLE5-ftp_html_doctype.patch \
squid-2.5.STABLE5-dns_localhost.patch \
- squid-2.5.STABLE5-msnt_auth_doc.patch
+ squid-2.5.STABLE5-msnt_auth_doc.patch \
+ squid-2.5.STABLE5-CONNECT_log_size.patch \
+ squid-2.5.STABLE5-proxy_abuse.patch
PATCH_DIST_STRIP= -p1
MAINTAINER= tmseck@netcologne.de
diff --git a/www/squid27/distinfo b/www/squid27/distinfo
index db5de42..98d0c13 100644
--- a/www/squid27/distinfo
+++ b/www/squid27/distinfo
@@ -44,3 +44,7 @@ MD5 (squid2.5/squid-2.5.STABLE5-dns_localhost.patch) = cee1c1417185696f5ab9c94fb
SIZE (squid2.5/squid-2.5.STABLE5-dns_localhost.patch) = 1408
MD5 (squid2.5/squid-2.5.STABLE5-msnt_auth_doc.patch) = 6031dda00c8e963e7f9ca17b369006bd
SIZE (squid2.5/squid-2.5.STABLE5-msnt_auth_doc.patch) = 16644
+MD5 (squid2.5/squid-2.5.STABLE5-CONNECT_log_size.patch) = 9bc3c39ca19ae2a4922d4a0e11bb4238
+SIZE (squid2.5/squid-2.5.STABLE5-CONNECT_log_size.patch) = 2011
+MD5 (squid2.5/squid-2.5.STABLE5-proxy_abuse.patch) = 8b169a288a0491a760f4d04c4f5eab21
+SIZE (squid2.5/squid-2.5.STABLE5-proxy_abuse.patch) = 761
diff --git a/www/squid27/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c b/www/squid27/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c
new file mode 100644
index 0000000..c837e41
--- /dev/null
+++ b/www/squid27/files/patch-helpers-ntlm_auth-SMB-libntlmssp.c
@@ -0,0 +1,87 @@
+This patch fixes a buffer overflow vulnerability in the NTLM auth
+helper which was reported by Stefan Esser on the 07th June 2004.
+Original advisory:
+<http://www.idefense.com/application/poi/display?id=107&type=vulnerabilities&flashstatus=false>
+CVE-ID: CAN-2004-0541
+Patch obtained from:
+<http://www.squid-cache.org/~wessels/patch/libntlmssp.c.patch>
+The patch was slightly modified by the me (tmseck@netcologne.de) to make
+it apply cleanly to the FreeBSD port.
+
+Index: libntlmssp.c
+===================================================================
+RCS file: /server/cvs-server/squid/squid/helpers/ntlm_auth/SMB/libntlmssp.c,v
+retrieving revision 1.7
+diff -u -3 -p -u -r1.7 libntlmssp.c
+--- helpers/ntlm_auth/SMB/libntlmssp.c 30 Nov 2001 09:50:28 -0000 1.7
++++ helpers/ntlm_auth/SMB/libntlmssp.c 20 May 2004 22:31:33 -0000
+@@ -161,7 +161,10 @@ make_challenge(char *domain, char *domai
+ #define min(A,B) (A<B?A:B)
+
+ int ntlm_errno;
+-static char credentials[1024]; /* we can afford to waste */
++#define MAX_USERNAME_LEN 255
++#define MAX_DOMAIN_LEN 255
++#define MAX_PASSWD_LEN 31
++static char credentials[MAX_USERNAME_LEN+MAX_DOMAIN_LEN+2]; /* we can afford to waste */
+
+
+ /* Fetches the user's credentials from the challenge.
+@@ -197,7 +200,7 @@ char *
+ ntlm_check_auth(ntlm_authenticate * auth, int auth_length)
+ {
+ int rv;
+- char pass[25] /*, encrypted_pass[40] */;
++ char pass[MAX_PASSWD_LEN+1];
+ char *domain = credentials;
+ char *user;
+ lstring tmp;
+@@ -215,8 +218,13 @@ ntlm_check_auth(ntlm_authenticate * auth
+ ntlm_errno = NTLM_LOGON_ERROR;
+ return NULL;
+ }
++ if (tmp.l > MAX_DOMAIN_LEN) {
++ debug("Domain string exceeds %d bytes, rejecting\n", MAX_DOMAIN_LEN);
++ ntlm_errno = NTLM_LOGON_ERROR;
++ return NULL;
++ }
+ memcpy(domain, tmp.str, tmp.l);
+- user = domain + tmp.l;
++ user = domain + tmp.l + 1;
+ *user++ = '\0';
+
+ /* debug("fetching user name\n"); */
+@@ -226,20 +234,30 @@ ntlm_check_auth(ntlm_authenticate * auth
+ ntlm_errno = NTLM_LOGON_ERROR;
+ return NULL;
+ }
++ if (tmp.l > MAX_USERNAME_LEN) {
++ debug("Username string exceeds %d bytes, rejecting\n", MAX_USERNAME_LEN);
++ ntlm_errno = NTLM_LOGON_ERROR;
++ return NULL;
++ }
+ memcpy(user, tmp.str, tmp.l);
+ *(user + tmp.l) = '\0';
+
+
+- /* Authenticating against the NT response doesn't seem to work... */
++ /* Authenticating against the NT response doesn't seem to work... */
+ tmp = ntlm_fetch_string((char *) auth, auth_length, &auth->lmresponse);
+ if (tmp.str == NULL || tmp.l == 0) {
+ fprintf(stderr, "No auth at all. Returning no-auth\n");
+ ntlm_errno = NTLM_LOGON_ERROR;
+ return NULL;
+ }
+-
++ if (tmp.l > MAX_PASSWD_LEN) {
++ debug("Password string exceeds %d bytes, rejecting\n", MAX_PASSWD_LEN);
++ ntlm_errno = NTLM_LOGON_ERROR;
++ return NULL;
++ }
++
+ memcpy(pass, tmp.str, tmp.l);
+- pass[25] = '\0';
++ pass[min(MAX_PASSWD_LEN,tmp.l)] = '\0';
+
+ #if 1
+ debug ("Empty LM pass detection: user: '%s', ours:'%s', his: '%s'"
OpenPOWER on IntegriCloud