Note: This bug is displayed in read-only format because
the product is no longer active in Red Hat Bugzilla.
RHEL Engineering is moving the tracking of its product development work on RHEL 6 through RHEL 9 to Red Hat Jira (issues.redhat.com). If you're a Red Hat customer, please continue to file support cases via the Red Hat customer portal. If you're not, please head to the "RHEL project" in Red Hat Jira and file new tickets here. Individual Bugzilla bugs in the statuses "NEW", "ASSIGNED", and "POST" are being migrated throughout September 2023. Bugs of Red Hat partners with an assigned Engineering Partner Manager (EPM) are migrated in late September as per pre-agreed dates. Bugs against components "kernel", "kernel-rt", and "kpatch" are only migrated if still in "NEW" or "ASSIGNED". If you cannot log in to RH Jira, please consult article #7032570. That failing, please send an e-mail to the RH Jira admins at rh-issues@redhat.com to troubleshoot your issue as a user management inquiry. The email creates a ServiceNow ticket with Red Hat. Individual Bugzilla bugs that are migrated will be moved to status "CLOSED", resolution "MIGRATED", and set with "MigratedToJIRA" in "Keywords". The link to the successor Jira issue will be found under "Links", have a little "two-footprint" icon next to it, and direct you to the "RHEL project" in Red Hat Jira (issue links are of type "https://issues.redhat.com/browse/RHEL-XXXX", where "X" is a digit). This same link will be available in a blue banner at the top of the page informing you that that bug has been migrated.
Description of problem:
A fix for CVE-2012-5643 released via RHSA-2013:0505 as part of Red Hat Enterprise Linux 6.4 introduced a regression to the cachemgr.cgi. CGI application crashes whenever an attempt is made to make an authenticated connection to a proxy server.
Version-Release number of selected component (if applicable):
squid-3.1.10-18.el6_4
Steps to Reproduce:
1. install squid and httpd
2. open http://localhost/Squid/cgi-bin/cachemgr.cgi
3. enter arbitrary value to the password field and submit
4. see Internal Server Error and httpd error_log containing a crash backtrace starting as:
*** glibc detected *** /usr/lib/squid/cachemgr.cgi: free(): invalid pointer: 0x00ca7260 ***
======= Backtrace: =========
/lib/libc.so.6(+0x70e31)[0x26ee31]
/usr/lib/squid/cachemgr.cgi(+0x87ee)[0xc9b7ee]
/usr/lib/squid/cachemgr.cgi(main+0x7d9)[0xc971a9]
/lib/libc.so.6(__libc_start_main+0xe6)[0x214ce6]
/usr/lib/squid/cachemgr.cgi(+0x1e51)[0xc94e51]
Additional info:
The problem is in tools/cachemgr.cc make_auth_header(), which was modified by the patch to free str64 returned by base64_encode(). However, pointer returned by base64_encode() is a pointer to base64_encode()'s static result[] array, not a dynamically allocate memory (that is difference from squid 3.2 code base).
References:
http://bugs.squid-cache.org/show_bug.cgi?id=3790http://bazaar.launchpad.net/~squid/squid/3.1/revision/10486http://bugs.squid-cache.org/show_bug.cgi?id=3881http://bugs.centos.org/view.php?id=6572
Squid now is already releasing 3.4.0.1 beta which means that RH is far being just BUG fixes but already late in distributing the latest stable which is 3.3.8.
Eliezer
(In reply to Eliezer Croitoru from comment #3)
> Squid now is already releasing 3.4.0.1 beta which means that RH is far being
> just BUG fixes but already late in distributing the latest stable which is
> 3.3.8.
This bug report is about the specific problem. If you are interesting in other fixes or enhancements from newer upstream squid version, please consider filing separate request with details.
Comment 10Eliezer Croitoru
2013-09-20 01:31:04 UTC
(In reply to Michal Luscon from comment #6)
> Created attachment 796320[details]
> Upstream patch
This patch was tested in the newer version of squid.
I do not know how it goes inside RH but, this patch means there is an update to the RPM?
Eliezer