-rw-r--r-- | www/squid27/Makefile | 7 | ||||
-rw-r--r-- | www/squid27/distinfo | 3 | ||||
-rw-r--r-- | www/squid27/patches/patch-tools_cachemgr.c | 127 |
3 files changed, 134 insertions, 3 deletions
diff --git a/www/squid27/Makefile b/www/squid27/Makefile
index 810be551472..4dc253bc4ef 100644
--- a/www/squid27/Makefile
+++ b/www/squid27/Makefile
@@ -1,7 +1,7 @@
-# $NetBSD: Makefile,v 1.16 2011/11/28 15:26:26 drochner Exp $
+# $NetBSD: Makefile,v 1.16.8.1 2012/12/21 10:43:50 tron Exp $
 DISTNAME= squid-2.7.STABLE9
-PKGREVISION= 2
+PKGREVISION= 5
 PKGNAME= ${DISTNAME:S/STABLE//}
 CATEGORIES= www
@@ -19,5 +19,8 @@ GNU_CONFIGURE= yes
 MESSAGE_SRC= ../squid/MESSAGE MESSAGE
 .include "../../www/squid/Makefile.squid"
+
+CONFIGURE_ARGS+= --enable-auth=basic,digest,ntlm
+
 .include "../../www/squid/options.mk"
 .include "../../mk/bsd.pkg.mk"
diff --git a/www/squid27/distinfo b/www/squid27/distinfo
index e5b421c55a9..e8f99a684be 100644
--- a/www/squid27/distinfo
+++ b/www/squid27/distinfo
@@ -1,4 +1,4 @@
-$NetBSD: distinfo,v 1.12 2012/02/20 15:31:04 taca Exp $
+$NetBSD: distinfo,v 1.12.6.1 2012/12/21 10:43:50 tron Exp $
 SHA1 (squid-2.7.STABLE9.tar.bz2) = bd389da9b74fd338e358f6b3f83bd3a1ed4d4f6f
 RMD160 (squid-2.7.STABLE9.tar.bz2) = bfa7c3dc3ede68646603f3379de35f44d7d8e97d
@@ -16,3 +16,4 @@ SHA1 (patch-aj) = c5c7cd10a63a5066eee63988775f71758ed5463e
 SHA1 (patch-ak) = 73cde276e08f0e1257280b4603f6bd028c9a2234
 SHA1 (patch-al) = a9e957a90dc6956e59668c297dd8566642baecff
 SHA1 (patch-am) = c31f27816578a05a909c4e64a646919d35e04c42
+SHA1 (patch-tools_cachemgr.c) = 203d19b4bc202cc1fbe4f8165e6eb4a968ccdbaf
diff --git a/www/squid27/patches/patch-tools_cachemgr.c b/www/squid27/patches/patch-tools_cachemgr.c
new file mode 100644
index 00000000000..9f715197588
--- /dev/null
+++ b/www/squid27/patches/patch-tools_cachemgr.c
@@ -0,0 +1,127 @@
+$NetBSD: patch-tools_cachemgr.c,v 1.1.2.2 2012/12/21 10:43:50 tron Exp $
+
+Trying to handle http://www.squid-cache.org/Advisories/SQUID-2012_1.txt.
+
+--- tools/cachemgr.c.orig 2008-06-24 22:55:11.000000000 +0000
++++ tools/cachemgr.c
+@@ -509,12 +509,15 @@ munge_action_line(const char *_buf, cach
+ if ((p = strchr(x, '\n')))
+ *p = '\0';
+ action = xstrtok(&x, '\t');
++ if (!action) {
++ xfree(buf);
++ return "";
++ }
+ description = xstrtok(&x, '\t');
+ if (!description)
+ description = action;
+- if (!action)
+- return "";
+ snprintf(html, sizeof(html), " <a href=\"%s\">%s</a>", menu_url(req, action), description);
++ xfree(buf);
+ return html;
+ }
+
+@@ -715,6 +718,7 @@ process_request(cachemgr_request * req)
+ if (connect(s, (struct sockaddr *) &S, sizeof(struct sockaddr_in)) < 0) {
+ snprintf(buf, 1024, "connect: %s\n", xstrerror());
+ error_html(buf);
++ close(s);
+ return 1;
+ }
+ l = snprintf(buf, sizeof(buf),
+@@ -765,18 +769,43 @@ read_post_request(void)
+ {
+ char *s;
+ char *buf;
+- int len;
++ char *endptr;
++ uint64_t len;
++ size_t bufLen, readLen;
++
+ if ((s = getenv("REQUEST_METHOD")) == NULL)
+ return NULL;
+ if (0 != strcasecmp(s, "POST"))
+ return NULL;
+ if ((s = getenv("CONTENT_LENGTH")) == NULL)
+ return NULL;
+- if ((len = atoi(s)) <= 0)
++ if (*s == '-') // negative length content huh?
++ return NULL;
++
++ endptr = s+ strlen(s);
++ if ((len = strtoll(s, &endptr, 10)) <= 0)
+ return NULL;
+- buf = xmalloc(len + 1);
+- fread(buf, len, 1, stdin);
+- buf[len] = '\0';
++
++ // limit the input to something reasonable.
++ // 4KB should be enough for the GET/POST data length, but may be extended.
++ bufLen = (len >= 4096 ? len : 4095);
++ buf = (char *)xmalloc(bufLen + 1);
++
++ readLen = fread(buf, bufLen, 1, stdin);
++ if (readLen == 0) {
++ xfree(buf);
++ return NULL;
++ }
++ buf[readLen] = '\0';
++ len -= readLen;
++
++ // purge the remainder of the request entity
++ while (len > 0) {
++ char temp[65535];
++ readLen = fread(temp, 65535, 1, stdin);
++ len -= readLen;
++ }
++
+ return buf;
+ }
+
+@@ -886,26 +915,38 @@ decode_pub_auth(cachemgr_request * req)
+ buf = xstrdup(base64_decode(req->pub_auth));
+ debug(3) fprintf(stderr, "cmgr: length ok\n");
+ /* parse ( a lot of memory leaks, but that is cachemgr style :) */
+- if ((host_name = strtok(buf, "|")) == NULL)
++ if ((host_name = strtok(buf, "|")) == NULL) {
++ xfree(buf);
+ return;
++ }
+ debug(3) fprintf(stderr, "cmgr: decoded host: '%s'\n", host_name);
+- if ((time_str = strtok(NULL, "|")) == NULL)
++ if ((time_str = strtok(NULL, "|")) == NULL) {
++ xfree(buf);
+ return;
++ }
+ debug(3) fprintf(stderr, "cmgr: decoded time: '%s' (now: %d)\n", time_str, (int) now);
+- if ((user_name = strtok(NULL, "|")) == NULL)
++ if ((user_name = strtok(NULL, "|")) == NULL) {
++ xfree(buf);
+ return;
++ }
+ debug(3) fprintf(stderr, "cmgr: decoded uname: '%s'\n", user_name);
+- if ((passwd = strtok(NULL, "|")) == NULL)
++ if ((passwd = strtok(NULL, "|")) == NULL) {
++ xfree(buf);
+ return;
++ }
+ debug(2) fprintf(stderr, "cmgr: decoded passwd: '%s'\n", passwd);
+ /* verify freshness and validity */
+- if (atoi(time_str) + passwd_ttl < now)
++ if (atoi(time_str) + passwd_ttl < now) {
++ xfree(buf);
+ return;
+- if (strcasecmp(host_name, req->hostname))
++ }
++ if (strcasecmp(host_name, req->hostname)) {
++ xfree(buf);
+ return;
++ }
+ debug(1) fprintf(stderr, "cmgr: verified auth. info.\n");
+ /* ok, accept */
+- xfree(req->user_name);
++ safe_free(req->user_name);
+ req->user_name = xstrdup(user_name);
+ req->passwd = xstrdup(passwd);
+ xfree(buf); |
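Review bot: In the `read_post_request` hunk both `fread` calls pass the byte count as the element size and `1` as the count, so `readLen` is an item count (0 or 1) rather than bytes: `buf[readLen] = '\0'` truncates the body after its first byte, and the purge loop never terminates if stdin reaches EOF early because `len` is unsigned and only shrinks by what `fread` returns. The cap `(len >= 4096 ? len : 4095)` is inverted as well, so a large CONTENT_LENGTH still drives the `xmalloc` size that the comment above it says is being limited. The fence swaps the `fread` arguments, corrects the cap, bounds the drain read by `len` and breaks out on a zero read. Separately, `len` is now `uint64_t`, so `<= 0` only rejects zero, and `endptr` is assigned but never checked after `strtoll`; testing `*endptr != '\0'` would reject trailing garbage.

```c
    bufLen = (len < 4096 ? (size_t) len : 4095);
    // … unchanged: xmalloc of bufLen + 1 …
    readLen = fread(buf, 1, bufLen, stdin);
    // … unchanged: readLen == 0 bail-out, NUL termination, len -= readLen …
    while (len > 0) {
        char temp[65535];
        readLen = fread(temp, 1, (len < sizeof(temp) ? (size_t) len : sizeof(temp)), stdin);
        if (readLen == 0)
            break;  // EOF or read error: nothing left to drain
        len -= readLen;
    }
```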