Bug 649543 - squid: crash due to large DNS response when no IPv6 resolver present
Summary: squid: crash due to large DNS response when no IPv6 resolver present
Status: CLOSED DUPLICATE of bug 626927
Alias: None
Product: Security Response
Classification: Other
Component: vulnerability
Version: unspecified
Hardware: All
OS: Linux
Target Milestone: ---
Assignee: Red Hat Product Security
QA Contact:
Depends On:
TreeView+ depends on / blocked
Reported: 2010-11-03 22:36 UTC by Vincent Danen
Modified: 2019-09-29 12:40 UTC (History)
2 users (show)

Fixed In Version:
Doc Type: Bug Fix
Doc Text:
Clone Of:
Last Closed: 2010-11-03 23:45:36 UTC

Attachments (Terms of Use)

Description Vincent Danen 2010-11-03 22:36:22 UTC
It was reported [1] that when Squid does a DNS lookup that results in a DNS response larger than 512 bytes, the server will try to query over TCP rather than UDP.  Squid will start the TCP connection, and then erroneously thinks it is sending an IPv6 DNS query and will crash if no IPv6 resolver is present.

This was reported to be evident in Squid version 3.1.6, but not 3.1.1.  It is corrected upstream in 3.1.7 [2].

[1] http://bugs.squid-cache.org/show_bug.cgi?id=3021
[2] http://bazaar.launchpad.net/~squid/squid/3.1/revision/10072

Comment 2 Kurt Seifried 2010-11-03 23:20:35 UTC
Duplicate? https://bugzilla.redhat.com/show_bug.cgi?id=626927

Comment 3 Vincent Danen 2010-11-03 23:44:34 UTC
This doesn't have any real bearing on Squid 2.x.  Tested here in RHEL5 and connecting to a site that serves no content but has a large DNS response yields quite a timeout before getting an "unable to connect" message in elinks.  Noticed no significant memory usage, same process IDs running before and after, so this would only affect >3.1.1 and <=3.1.6 (not sure of the exact version on the low end).

As a result, this does not affect Red Hat Enterprise Linux 4 or 5 which provide squid 2.6.STABLE21 or earlier.  It also does not affect Fedora which provides 3.1.8 across all supported versions.

Comment 4 Vincent Danen 2010-11-03 23:45:36 UTC
(In reply to comment #2)
> Duplicate? https://bugzilla.redhat.com/show_bug.cgi?id=626927

Yes, it is.  Thanks for spotting that Kurt.

*** This bug has been marked as a duplicate of bug 626927 ***

Note You need to log in before you can comment on or make changes to this bug.