Bug 649543

Summary: squid: crash due to large DNS response when no IPv6 resolver present
Product: [Other] Security Response Reporter: Vincent Danen <vdanen>
Component: vulnerabilityAssignee: Red Hat Product Security <security-response-team>
Status: CLOSED DUPLICATE QA Contact:
Severity: low Docs Contact:
Priority: low    
Version: unspecifiedCC: jskala, kurt
Target Milestone: ---Keywords: Security
Target Release: ---   
Hardware: All   
OS: Linux   
Whiteboard:
Fixed In Version: Doc Type: Bug Fix
Doc Text:
Story Points: ---
Clone Of: Environment:
Last Closed: 2010-11-03 23:45:36 UTC Type: ---
Regression: --- Mount Type: ---
Documentation: --- CRM:
Verified Versions: Category: ---
oVirt Team: --- RHEL 7.3 requirements from Atomic Host:
Cloudforms Team: --- Target Upstream Version:
Embargoed:

Description Vincent Danen 2010-11-03 22:36:22 UTC 
It was reported [1] that when Squid does a DNS lookup that results in a DNS response larger than 512 bytes, the server will try to query over TCP rather than UDP.  Squid will start the TCP connection, and then erroneously thinks it is sending an IPv6 DNS query and will crash if no IPv6 resolver is present.

This was reported to be evident in Squid version 3.1.6, but not 3.1.1.  It is corrected upstream in 3.1.7 [2].

[1] http://bugs.squid-cache.org/show_bug.cgi?id=3021
[2] http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072
Comment 2 Kurt Seifried 2010-11-03 23:20:35 UTC 
Duplicate? https://bugzilla.redhat.com/show_bug.cgi?id=626927
Comment 3 Vincent Danen 2010-11-03 23:44:34 UTC 
This doesn't have any real bearing on Squid 2.x.  Tested here in RHEL5 and connecting to a site that serves no content but has a large DNS response yields quite a timeout before getting an "unable to connect" message in elinks.  Noticed no significant memory usage, same process IDs running before and after, so this would only affect >3.1.1 and <=3.1.6 (not sure of the exact version on the low end).

As a result, this does not affect Red Hat Enterprise Linux 4 or 5 which provide squid 2.6.STABLE21 or earlier.  It also does not affect Fedora which provides 3.1.8 across all supported versions.
Comment 4 Vincent Danen 2010-11-03 23:45:36 UTC 
(In reply to comment #2)
> Duplicate? https://bugzilla.redhat.com/show_bug.cgi?id=626927

Yes, it is.  Thanks for spotting that Kurt.

*** This bug has been marked as a duplicate of bug 626927 ***